Windows Analysis Report
Message_2530136.eml

Overview

General Information

Sample name: Message_2530136.eml
Analysis ID: 1538490
MD5: b1244297b6385c4850c57a41e5d3ad11
SHA1: 03908a60b778c2e87ad9552f231f5e251cfee128
SHA256: 5941699f83b93d332c3e07a566372ac3ec099ab259e81c1c8532e43c73c0220c
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Machine Learning detection for dropped file
Office viewer loads remote template
Creates a window with clipboard capturing capabilities
Queries the volume information (name, serial number etc) of a device
Sigma detected: Excel Network Connections
Sigma detected: Office Autorun Keys Modification
Sigma detected: Office Macro File Download
Sigma detected: Outlook Security Settings Updated - Registry
Sigma detected: Suspicious Office Outbound Connections
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 2852 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Message_2530136.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6836 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3559870E-4D5C-438D-A472-8E23E8B65191" "D8D67847-9A2D-4CD5-815E-18A8ECFE165D" "2852" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • EXCEL.EXE (PID: 6284 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BJ6A8D0H\Remittance Advice.xls" MD5: 4A871771235598812032C822E6F68F19)
      • EXCEL.EXE (PID: 6620 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding MD5: 4A871771235598812032C822E6F68F19)
  • OUTLOOK.EXE (PID: 68 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Message_2530136.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1272 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A87D86DA-6871-40E0-9AB1-C647AFECB6A3" "7A96B884-07A2-40D2-B58B-7F27B3474B0D" "68" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • EXCEL.EXE (PID: 3180 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BJ6A8D0H\Remittance Advice.xls" MD5: 4A871771235598812032C822E6F68F19)
      • EXCEL.EXE (PID: 2816 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding MD5: 4A871771235598812032C822E6F68F19)
  • cleanup
No yara matches
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 13.107.246.60, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6284, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49719
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2852, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2852, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BJ6A8D0H\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2852, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49719, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6284, Protocol: tcp, SourceIp: 13.107.246.60, SourceIsIpv6: false, SourcePort: 443
No Suricata rule has matched

AV Detection

Source: C:\Users\user\AppData\Local\Temp\~DF38AB43B42ACF7D22.TMPJoe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: excel.exeMemory has grown: Private usage: 8MB later: 127MB
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow created: window name: CLIPBRDWNDCLASS
Source: classification engineClassification label: mal48.evad.winEML@14/42@0/86
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241021T0613450125-2852.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Message_2530136.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3559870E-4D5C-438D-A472-8E23E8B65191" "D8D67847-9A2D-4CD5-815E-18A8ECFE165D" "2852" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BJ6A8D0H\Remittance Advice.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Message_2530136.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A87D86DA-6871-40E0-9AB1-C647AFECB6A3" "7A96B884-07A2-40D2-B58B-7F27B3474B0D" "68" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BJ6A8D0H\Remittance Advice.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Message_2530136.emlStatic file information: File size 1205172 > 1048576

Persistence and Installation Behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXESection loaded: netapi32.dll and davhlpr.dll loaded
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Clipboard Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\~DF38AB43B42ACF7D22.TMP | 100% | Joe Sandbox ML | | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 184.30.158.130 | unknown | United States | | 2514 | INFOSPHERENTTPCCommunicationsIncJP | false |
| 52.113.194.132 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false |
| 52.168.117.175 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 2.19.126.163 | unknown | European Union | | 16625 | AKAMAI-ASUS | false |
| 52.109.28.46 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 2.19.126.160 | unknown | European Union | | 16625 | AKAMAI-ASUS | false |
| 20.189.173.18 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 20.42.73.27 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 52.109.76.243 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 52.109.76.144 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 20.50.201.204 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1538490
      Start date and time:2024-10-21 12:13:19 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:24
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Sample name:Message_2530136.eml
      Detection:MAL
      Classification:mal48.evad.winEML@14/42@0/86
      Cookbook Comments:
      • Found application associated with file extension: .eml
      • Exclude process from analysis (whitelisted): dllhost.exe
      • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.109.76.243
      • Excluded domains from analysis (whitelisted): ecs.office.com, prod.configsvc1.live.com.akadns.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtCreateKey calls found.
      • Report size getting too big, too many NtQueryAttributesFile calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtReadVirtualMemory calls found.
      • Report size getting too big, too many NtSetValueKey calls found.
      • VT rate limit hit for: Message_2530136.eml
      Input | Output
      URL: Model: claude-3-5-sonnet-20240620
      {
          "explanation": [
              "The email appears to be a legitimate automated remittance advice from FLSmidth Financial Services.",
              "The sender's email address (remittance@flsmidth.com) matches the company name in the content.",
              "The email contains specific instructions and a reference number, which is typical for genuine remittance advices."
          ],
          "phishing": false,
          "confidence": 8
      }
      Is this email content a phishing attempt? Please respond only in valid JSON format:
          Email content converted to JSON:
      {
          "date": "Mon, 21 Oct 2024 03:48:36 -0500", 
          "subject": "Remittance Advice - payment reference: 3800802", 
          "communications": [
              " Dear Sir/Madam, The remittance advice for the payment made vide our payment document number 3800802 is attached. This advice is for your reference only. Yours faithfully, FLSmidth Financial Services *************************************************************************** This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded. For clarifications, if any, please write to 'services@flsmidth.com' *************************************************************************** Dear Sir/Madam, The remittance advice for the payment made vide our payment document number 3800802 is attached. This advice is for your reference only. Yours faithfully, FLSmidth Financial Services *************************************************************************** This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded. For clarifications, if any, please write to 'services@flsmidth.com' *************************************************************************** Dear Sir/Madam, The remittance advice for the payment made vide our payment document number 3800802 is attached. This advice is for your reference only. Yours faithfully, FLSmidth Financial Services *************************************************************************** This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded. For clarifications, if any, please write to 'services@flsmidth.com' ***************************************************************************"
          ], 
          "from": "FLSmidth Financial Services <remittance@flsmidth.com>", 
          "to": "info@domain-information-deleted"
      }
      URL: Email Model: claude-3-haiku-20240307
      ```json
      {
        "contains_trigger_text": true,
        "trigger_text": "The remittance advice for the payment made vide our payment document number 380080 reference only.",
        "prominent_button_name": "unknown",
        "text_input_field_labels": "unknown",
        "pdf_icon_visible": false,
        "has_visible_captcha": false,
        "has_urgent_text": true,
        "has_visible_qrcode": false
      }
      ```
      URL: Email Model: claude-3-haiku-20240307
      ```json
      {
        "brands": [
          "FLSmidth Financial Services"
        ]
      }
      ```
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):231348
      Entropy (8bit):4.373795091758133
      Encrypted:false
      SSDEEP:
      MD5:21650BCD78006F34911BFA85619AD88D
      SHA1:AC2443667C4157974517A985C8B8D5155C8C3760
      SHA-256:8850DCC04E7F328A59AD0A73A4AB670784B5C9ADE5354A69ED03724526636377
      SHA-512:763C5CBDD1698B09941ADB8119647C9C28C76ADE99F71DECADD1FB54E0608DB888F830151CE862EB570DCDE83B379E5999F3D5FEDA3F2F519688F9DB49192FF2
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with very long lines (65536), with no line terminators
      Category:dropped
      Size (bytes):322260
      Entropy (8bit):4.000299760592446
      Encrypted:false
      SSDEEP:
      MD5:CC90D669144261B198DEAD45AA266572
      SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
      SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
      SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):10
      Entropy (8bit):2.9219280948873623
      Encrypted:false
      SSDEEP:
      MD5:88E084F3388D996FE9C0F857871F4F35
      SHA1:D824D7C75E8EC15A0800FC1CD1E6F0A085A396D8
      SHA-256:EB90CD18A05A7D1E8ADEABF59159BFBEDC91E52B8359BE28460FEC798CECF755
      SHA-512:AE883D669A853FAA599D613C5E668ABFFB6E055A21AA2546EDDDBA195A0C8C3F1D01DEDD05A2712C910091541B2D49B8438F2A69C9C3FC42CCB0670A21539A6C
      Malicious:false
      Reputation:unknown
      Preview:1729505631
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:JSON data
      Category:dropped
      Size (bytes):4947
      Entropy (8bit):5.108135203640119
      Encrypted:false
      SSDEEP:
      MD5:881527A7384B95D40F518BCE7DC5821D
      SHA1:CC7FAAD896F1C61C1093C39AE46180EE0C992AA5
      SHA-256:9A169F486CDCFE3D4F9BFFA1DE806AE545CFF65EC19678626FF1F4F1C642CBE3
      SHA-512:928C115EF148BB4A42C367FCFD70D3C283CEB940AA9AA5490D11EF7A585C1BFD19340756BA4749373F6E7BAB41254EB76E9C923EF0714D1D98588D9356DFA508
      Malicious:false
      Reputation:unknown
      Preview:{"CampaignStates":[{"CampaignId":"398f8b35-ef06-4a2b-a5dc-d85540d6fff3","LastNominationTimeUtc":"2024-10-21T10:13:54Z","LastNominationBuildNumber":"16.0.16827.20130","DeleteAfterSecondsWhenStale":31536000,"ForceCandidacy":false,"IsCandidate":true,"DidCandidateTriggerSurvey":false,"LastSurveyActivatedTimeUtc":"1601-01-01T00:00:00Z","LastSurveyId":"f70160d7-74e7-4cb6-87ea-f1a222422e06","LastSurveyStartTimeUtc":"2024-10-21T10:13:54Z","LastSurveyExpirationTimeUtc":"2025-10-21T10:13:54Z","LastCooldownEndTimeUtc":"1601-01-01T00:00:00Z"},{"CampaignId":"8a42827d-29d2-473e-998e-3217724c5b68","LastNominationTimeUtc":"2024-10-21T10:13:54Z","LastNominationBuildNumber":"16.0.16827.20130","DeleteAfterSecondsWhenStale":31536000,"ForceCandidacy":false,"IsCandidate":true,"DidCandidateTriggerSurvey":false,"LastSurveyActivatedTimeUtc":"1601-01-01T00:00:00Z","LastSurveyId":"c5e0a6ed-d2f0-40ed-ac89-82d37e25e8a0","LastSurveyStartTimeUtc":"2024-10-21T10:13:54Z","LastSurveyExpirationTimeUtc":"2025-10-21T10:13
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):178267
      Entropy (8bit):5.29026881672754
      Encrypted:false
      SSDEEP:
      MD5:8F0EFF3A871A4B28F700B190E329B65C
      SHA1:C730DFE14926B9C84D8E3BC184A5F8F0ECC42D17
      SHA-256:BA4D43DF3C048D92D51873E577631877C9DFF9E411D6DD9480BA3BE188E0CAF8
      SHA-512:A07B64AE401C888A3D06B76EAA31DF0DB7A29E507183F3CA43B12B589A0A7E70A4842B7AB989A6ADEE79F5FFF2D0B5B2DFF81A763B78F150F5B7130423DFC71E
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-21T10:13:48">.. Build: 16.0.18209.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:A65AB3C8FA8F3ABF5FFDC64A9640F90A
      SHA1:A432ED3CB991B8A3C3C89EE26C517950C68AF837
      SHA-256:139679EB7FD305E87F0F254444E8FB9FE544FC7AF1D4776AE474AB326AEC8BA5
      SHA-512:18C3C5D102A782425DD0CAA574C278269CE4B3C066DD5089E6B5F0710BEDA13F34F725350974B809D1956134FB1BF967694C6C04F80357BCE7DCFAEBCC65AEDC
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
      Category:dropped
      Size (bytes):4096
      Entropy (8bit):0.09216609452072291
      Encrypted:false
      SSDEEP:
      MD5:F138A66469C10D5761C6CBB36F2163C3
      SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
      SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
      SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):4616
      Entropy (8bit):0.13700485453793962
      Encrypted:false
      SSDEEP:
      MD5:3EBFC8D02A148E6814080EEE0209BE70
      SHA1:B89C6CC2EA6EDFA64E5E0956DAEB92C6B71A62A6
      SHA-256:0724A3CDD242B883D9D15D858ED0685C024772E83470D234481795BC6833CFB3
      SHA-512:0FF1F4AAD38E2AEBD9A049AAADF606BADAB945905C7091AB86608C7833FE1DC1B9C909C99BE3DE4431B622AF2AB389D0E126AB0D3F6C06F5A311B47598115ECD
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):0.04474066038091713
      Encrypted:false
      SSDEEP:
      MD5:F0FF98CFAD14FDBF711514200C051CCD
      SHA1:3D77D61CD609F62D955C00CD843A5625C842F6FB
      SHA-256:2960B2BED359F25E27800244CB03543E03CB9498C9EFA4EE7F51E1F4E6FBD1AE
      SHA-512:EB36DE79F170763016B8A6CA8CCE0B78C23D33C78739282BB07B7683126AA4555B0E21817D86E991DC2CF3575ADCEC133B4B431DEA2E7292A4C2B52F8E2720E4
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:SQLite Write-Ahead Log, version 3007000
      Category:modified
      Size (bytes):45352
      Entropy (8bit):0.39383413707999043
      Encrypted:false
      SSDEEP:
      MD5:B08C669CF7FA7961F55A9ACAD08FB6DB
      SHA1:81378D2A9563CF574CD4B5AF5CFDC4712BF4DD0D
      SHA-256:06A5DC43BAF0BA0D8C28EDF1BE48B59B31D54D9322C808C8941EC9ABA281C572
      SHA-512:CC11DF6E06D1AF4C55FF36665665AE071AFA54EB216A9BF85C1744B02B860A7DDF30150AE85F94D0C9AB7D4D7406EDAA5D7A8987ECD6D9BA5C4B1C5E307DC762
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):422
      Entropy (8bit):5.324913317979872
      Encrypted:false
      SSDEEP:
      MD5:554108A20E410C7CD1C5F36036146887
      SHA1:6C865CB3A2B51A3EF44235986B25DD541563BACE
      SHA-256:22AA981F10E839FBF2C5C3A8F3DE7CAA2F9C3ADD7AF4750420FD2B1A05BE1709
      SHA-512:1E9D8D6B3D184DAAAE2F9A23AEFE60F8D235DDC624034722E1E5CD982985B8F24B03A39BFA754E6E9504DEDB735E79FEEE1BB0771556287532FCC8AB98281F9C
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0"?>..<UserConfiguration>...<Info version="Outlook.16"/>...<Data>....<e k="18-piAvailGCShowPopup" v="3-True"/>....<e k="18-piFBUserPublishRange" v="9-2"/>....<e k="18-piAvailMtgShowPopup" v="3-True"/>....<e k="18-piAvailGCTextInGrid" v="3-True"/>....<e k="18-piFBUpdateSecs" v="9-900"/>....<e k="18-piAvailMtgTextInGrid" v="3-True"/>....<e k="18-OLPrefsVersion" v="9-1"/>...</Data>..</UserConfiguration>..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):535
      Entropy (8bit):5.244869893194183
      Encrypted:false
      SSDEEP:
      MD5:8689A861A9B529A49674FC3073DFD876
      SHA1:5210588E1B9A70AB7A9BF4CBD6BAA1099430D2DB
      SHA-256:55B7FFB57DF26E835EB39FB35F4B57A5057D48FFA7CF7CF94312E322C5BE21F7
      SHA-512:0A5A1699816FB28DE6CF6407542EE16B70229C3A66319359FF8E88B257EAD5B5DDD723702C05A62C3F181D7B8B53F73B4744FF6617E6771F6C3B07F678BCB413
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0"?>..<UserConfiguration>...<Info version="Outlook.16"/>...<Data>....<e k="18-piAutoProcess" v="3-True"/>....<e k="18-piRemindDefault" v="9-15"/>....<e k="18-piGroupCalendarShowMyDepartment" v="3-True"/>....<e k="18-piAutoDeleteReceipts" v="3-False"/>....<e k="18-piGroupCalendarShowDirectReports" v="3-True"/>....<e k="18-piGroupCalendarShowCoworkers" v="3-True"/>....<e k="18-OLPrefsVersion" v="9-1"/>....<e k="18-piShowFreeItems" v="9-0"/>....<e k="18-piShowWorkHourOnly" v="9-1"/>...</Data>..</UserConfiguration>..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):267
      Entropy (8bit):5.160869873037959
      Encrypted:false
      SSDEEP:
      MD5:F351722FC2FCF3A1585D2A4FCD3174F9
      SHA1:7107F9791498794416A472633D25F760FF62921C
      SHA-256:0A4D7E4860AFAC36C43F2E5272678B7E267B46618AB46A596DD28DBC4C5915E3
      SHA-512:EEF511A0E8C17D8DC6DB00BFBB46AE55E5F9257D9EA4B9ED1FCA1E0C4BD2EC7F96D859C76D67E8B2DF72E9336693337BBCC269C929CFC3AD2D4AD04DA08B355B
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0"?>..<UserConfiguration>...<Info version="Outlook.16"/>...<Data>....<e k="18-piConversationsOnInAllFoldersChangeNumber" v="9-1"/>....<e k="18-piUpgradeToConversations" v="9-2"/>....<e k="18-OLPrefsVersion" v="9-1"/>...</Data>..</UserConfiguration>..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):196
      Entropy (8bit):5.121404985534659
      Encrypted:false
      SSDEEP:
      MD5:18DD6E6C7E001E6EB529C89CB34A0035
      SHA1:936B54A457C3C556F9450B145FE8C2C37E39EDB2
      SHA-256:DFBDE381FDE1A284C81A72D06A1A43FAF49CD1C085C87234E34E50B881567806
      SHA-512:05B58C78D721E3D30815D964F997AF0B768D63F061AB1A4881E38C6FEBA89DF630828B5AE9AA54B8CF6C6124B773ADAE682BACD655B043C60F6C4F4A9058891D
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0"?>..<UserConfiguration>...<Info version="Outlook.16"/>...<Data>....<e k="18-piRuleOnAllRss" v="3-False"/>....<e k="18-OLPrefsVersion" v="9-1"/>...</Data>..</UserConfiguration>..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):204
      Entropy (8bit):5.146779630782915
      Encrypted:false
      SSDEEP:
      MD5:A4DA275C13ACAA46CEB0D2158220CA0B
      SHA1:9933ED454356A170E1CB3DB18ED7CB2895FDE004
      SHA-256:3F476C44779AE7EAE8BF64111B9D90E7A24D43B88A9E62507956A534C997C467
      SHA-512:69083E5BFCB09043044807452C78D680D5440D6E80F9311284518E15FBA7D7D8A71FD6DF18DFD8C479C27C8C80A8E73822D3D41BA2E0DC4DBFEF7AF4090A3CF9
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0"?>..<UserConfiguration>...<Info version="Outlook.16"/>...<Data>....<e k="18-piGroupExpandAnimations" v="3-True"/>....<e k="18-OLPrefsVersion" v="9-1"/>...</Data>..</UserConfiguration>..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):634
      Entropy (8bit):4.927042331600238
      Encrypted:false
      SSDEEP:
      MD5:7C6BDDECBE4CFE6C1B9378ECDC6683A1
      SHA1:9023DCF630347858DC32844810CE514C28452B35
      SHA-256:C4777DFADCF735BF552275C911A28D9C612D7671B21F7C29B7281365AD72C1A8
      SHA-512:75660937C119C1A5B099B6B65EF4ACA69976337F7A8FC210FA6B40C52AE3149B190769D63DEDC52957D5B13A603BF5182C90DCA0399A7BF25F1C4F185370CE2F
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0"?>..<Root xmlns="WorkingHours.xsd">...<WorkHoursVersion1>....<TimeZone>.....<Bias>300</Bias>.....<Standard>......<Bias>0</Bias>......<ChangeDate>.......<Time>02:00:00</Time>.......<Date>0000/11/01</Date>.......<DayOfWeek>0</DayOfWeek>......</ChangeDate>.....</Standard>.....<DaylightSavings>......<Bias>-60</Bias>......<ChangeDate>.......<Time>02:00:00</Time>.......<Date>0000/03/02</Date>.......<DayOfWeek>0</DayOfWeek>......</ChangeDate>.....</DaylightSavings>.....<Name>Eastern Standard Time</Name>....</TimeZone>....<WorkDays>Monday Tuesday Wednesday Thursday Friday</WorkDays>...</WorkHoursVersion1>..</Root>..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):1536
      Entropy (8bit):1.1464700112623651
      Encrypted:false
      SSDEEP:
      MD5:72F5C05B7EA8DD6059BF59F50B22DF33
      SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
      SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
      SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):1024
      Entropy (8bit):0.03351732319703582
      Encrypted:false
      SSDEEP:
      MD5:830FBF83999E052538EAF156AB6ECB17
      SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
      SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
      SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:ASCII text, with very long lines (563), with CRLF line terminators
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.002837917444095734
      Encrypted:false
      SSDEEP:
      MD5:07B527C2B0617AE2D364099CC25DB009
      SHA1:A49AE2032FA1369297B89539A3B848D6A0885DF0
      SHA-256:EC7558A88F97278F0BBD17BD5A3B93C033972669DB9AA8188B576BC702EEA4E7
      SHA-512:93E9CADFAAE7F8766B38919F98B9207630945BF5DC5BB6331EB3660F3A80E0AE9F9789D9545FAFC41E215C5C9269456B13727CF01B5CA58F9F1DE7E62D5701CC
      Malicious:false
      Reputation:unknown
      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/21/2024 10:14:57.803.EXCEL (0xB00).0xE44.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":15,"Time":"2024-10-21T10:14:57.803Z","Contract":"Office.System.Activity","Activity.CV":"+O3p3L5Ir0yEsU0DxbI4WQ.1.10","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/21/2024 10:14:57.819.EXCEL (0xB00).0xE44.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":17,"Time":"2024-10-21T10:14:57.819Z","Contract":"Office.System.Activity","Activity.CV":"+O3p3L5Ir0yEsU0DxbI4WQ.1.11","Activity.Duration":10497,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVersion":4,"
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:BB7DF04E1B0A2570657527A7E108AE23
      SHA1:5188431849B4613152FD7BDBA6A3FF0A4FD6424B
      SHA-256:C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479
      SHA-512:768007E06B0CD9E62D50F458B9435C6DDA0A6D272F0B15550F97C478394B743331C3A9C9236E09AB5B9CB3B423B2320A5D66EB3C7068DB9EA37891CA40E47012
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):150
      Entropy (8bit):5.514135729275061
      Encrypted:false
      SSDEEP:
      MD5:36DA99758DB1B6B963AC2FD1AC958A3D
      SHA1:5CA9E677FF28F8E5C62B70CF16556C16ABD4635B
      SHA-256:FD4CB648B34DC97DCC60BAEAD2BE9DA689813BCB50FC1535232EB413579762C2
      SHA-512:E2771E38139B779F7F0C65E9B402C6A5C5F7C12D75BB42991F612CFB2DCFCB305A2A965F8832B7365770E0B05DE0DBFC6C522FA9EE1E688D44C9F1D8D88C0AD4
      Malicious:false
      Reputation:unknown
      Preview:S.T..&........!Q.............Yfile:///C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BJ6A8D0H\..Remittance%20Advice..xls..d.
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
      Category:dropped
      Size (bytes):765340
      Entropy (8bit):4.149249166872395
      Encrypted:false
      SSDEEP:
      MD5:D439450CD3385B127E476E71929E8B32
      SHA1:ED5F78F281E5279D420E37EE7F68DA88EEAB4E77
      SHA-256:17458474EA7FE82E2D5BA484D82B8FE65A61692E10CF264F543394AE471EF2F9
      SHA-512:0DE2C6B9E56E749A435CC7E831BE161922B64BDBA14A0B7EA0F9140BD466061DCD60571D5125F6438AB67FEFCE7159B29AEB37163545A99C4F72F4408BAF499D
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):26
      Entropy (8bit):3.95006375643621
      Encrypted:false
      SSDEEP:
      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
      Malicious:false
      Reputation:unknown
      Preview:[ZoneTransfer]..ZoneId=3..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.004699970333355713
      Encrypted:false
      SSDEEP:
      MD5:CC3C3A10CB2F99EC8A8E8A46EC8C5682
      SHA1:6AE9EC2F4AB307E03FF1F51F1A9511FE09757F46
      SHA-256:277574CC13F6A553F0F3582BE3A3F9DC5CCFA2F27A9D3AAA20E2C0D0AD5746A1
      SHA-512:81DD57C585934D9BF16DA7F1C93678A6F50689931BCAD082F3E660A7FD834FC4C372826F034E91EF0DDB6F8BE20B4C00B634429342BDF2B34756BD36D90D5356
      Malicious:false
      Reputation:unknown
      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/21/2024 10:13:56.475.EXCEL (0x19DC).0x19D8.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":15,"Time":"2024-10-21T10:13:56.475Z","Contract":"Office.System.Activity","Activity.CV":"i8mDNKCS70Ccyh8hXQndcA.1.10","Activity.Duration":14,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/21/2024 10:13:56.491.EXCEL (0x19DC).0x19D8.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":17,"Time":"2024-10-21T10:13:56.491Z","Contract":"Office.System.Activity","Activity.CV":"i8mDNKCS70Ccyh8hXQndcA.1.11","Activity.Duration":10419,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVersion"
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Microsoft OOXML
      Category:dropped
      Size (bytes):3217
      Entropy (8bit):4.595212143712381
      Encrypted:false
      SSDEEP:
      MD5:E286FA98CCA1E447A39BD18CDE0F289E
      SHA1:998721856DB600324059C3A878D4FA00BA1C34D8
      SHA-256:5CD89EB564786483D170CBFCB5FB4705957102EA1F2FA241B41A87580A556FFF
      SHA-512:BC5B1933315E1C1207C942667C6CCA0F82701031ADDDF3D2F3489027F3CD1BF6D53FC23487C72CBAC069CDAE5CAE7F19806F78B1AF92B96C510CF635FC3B2497
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):1012
      Entropy (8bit):2.7172323377971637
      Encrypted:false
      SSDEEP:
      MD5:9E966279B49BB683B4458732915F9A9A
      SHA1:631C4C8EE9330E1F7101D7A37408E2749F173C80
      SHA-256:8573BAC862D8713F5286D189DB3BD9997350C4BE1340CC8B5489B6A55FCEF71F
      SHA-512:183734A6A566A24CF60A87625AD8C939B42E000F746306B7439219708E3D26C86970AB270A56996E938DDBA9A6D47C6FC9D76904AA9DBE9F2E6B2D4D44B139E5
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with very long lines (858), with CRLF line terminators
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.006725240661879909
      Encrypted:false
      SSDEEP:
      MD5:D3281280563F8E3A7392C9B6D07389E4
      SHA1:E9B438DE89FDD39FA28BAE0AC284E9F5D681E89D
      SHA-256:9B2B5F78DA879C19A830B827D974D4FC316CC3E542ACD6ECD4B93A0A1C640E8F
      SHA-512:1312006C9127DC018D06E2E43C805A9B2A5CC010EDDFF1BD40704AD0A5D4BF05973AEBBF11E9D08C183EFB5C2ECE2F882A7E8EE2E65DE39BF56A624D6930857E
      Malicious:false
      Reputation:unknown
      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/21/2024 10:13:45.348.OUTLOOK (0xB24).0x11B4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-10-21T10:13:45.348Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"C7A46E6D-4132-4FC8-866E-A372FA2CC6D8","Data.PreviousSessionInitTime":"2024-10-21T10:13:29.601Z","Data.PreviousSessionUninitTime":"2024-10-21T10:13:32.507Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/21/2024 10:13:45.379.OUTLOOK (0xB24).0x1B20.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with very long lines (28737), with CRLF line terminators
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.1608624588713111
      Encrypted:false
      SSDEEP:
      MD5:4C48B43CD726AF55EABDD92360793865
      SHA1:A759DCDD6E4AF64788ED64E1A5279788D7DBC00C
      SHA-256:2A13D435AB897FD7A7C806B435B4490E301AE6ECFA89AE252F56277B48185BCD
      SHA-512:76A00E288992AA89A5E7161732C6E8F0EE69345BCD023622A88B40AC4282E2AE598F756608D0B85A31BF2FFCF2E079E332BECBDBAC6B88B53C9CDAC7A9923FE2
      Malicious:false
      Reputation:unknown
      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/21/2024 10:14:49.670.OUTLOOK (0x44).0x1A6C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-10-21T10:14:49.670Z","Contract":"Office.System.Activity","Activity.CV":"ULNnvglq7Eaf4zYn+DqMOw.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/21/2024 10:14:49.685.OUTLOOK (0x44).0x1A6C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-10-21T10:14:49.685Z","Contract":"Office.System.Activity","Activity.CV":"ULNnvglq7Eaf4zYn+DqMOw.4.12","Activity.Duration":13046,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVers
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):1012
      Entropy (8bit):2.7172323377971637
      Encrypted:false
      SSDEEP:
      MD5:A65AB3C8FA8F3ABF5FFDC64A9640F90A
      SHA1:A432ED3CB991B8A3C3C89EE26C517950C68AF837
      SHA-256:139679EB7FD305E87F0F254444E8FB9FE544FC7AF1D4776AE474AB326AEC8BA5
      SHA-512:18C3C5D102A782425DD0CAA574C278269CE4B3C066DD5089E6B5F0710BEDA13F34F725350974B809D1956134FB1BF967694C6C04F80357BCE7DCFAEBCC65AEDC
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:modified
      Size (bytes):135168
      Entropy (8bit):4.704289393993995
      Encrypted:false
      SSDEEP:
      MD5:CBCF57E805E0F9B616758F070F1B1571
      SHA1:1602EBF72FF0706D05960C5C709C018CB27B2B4E
      SHA-256:E4D363A59A4217C8C8B9D09BA7F3D0831F4542875000D0FD972A4473F21363A0
      SHA-512:2E530D9270D2662707FDCB6CF670A66ECE0CB6F4401C1A35B7D0BA0575A3F439197B0B7A33A6624F4A1182E4C51CCA97341027C3A61C4FAA5A94E806CCFF3975
      Malicious:false
      Reputation:unknown
      Preview:............................................................................^.......$...msx.#..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................s=..Y..........msx.#..........v.2._.O.U.T.L.O.O.K.:.b.2.4.:.6.9.5.3.2.a.3.b.e.2.8.4.4.8.5.e.a.0.c.5.e.d.a.3.d.6.8.c.a.7.b.5...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.2.1.T.0.6.1.3.4.5.0.1.2.5.-.2.8.5.2...e.t.l.........P.P.....$...msx.#..........................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):86016
      Entropy (8bit):4.368257645067489
      Encrypted:false
      SSDEEP:
      MD5:EA39E8E5398EB67D9CCC983976B64D15
      SHA1:D391C8CCCC308F702383AA17D0C83B1FA8C889BA
      SHA-256:8D7FA1F963516C3FA2A504D68427A8DE092A25641F47C5A2993F9A0870FE55E9
      SHA-512:643FEB28F0883E3C453816757D3F271ED0B1B2401BCA7D06D9696081C5C273ADE8763CACF42B70C9315E7479C7849B056448CC3EB2CF11A7A7D905F83A95720F
      Malicious:false
      Reputation:unknown
      Preview:............................................................................X...l...D...p....#..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................s=..Y..........p....#..........v.2._.O.U.T.L.O.O.K.:.4.4.:.9.3.b.9.9.3.5.3.5.b.c.c.4.c.1.6.b.7.6.3.a.e.6.5.3.4.c.0.1.c.1.a...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.2.1.T.0.6.1.4.4.9.0.3.2.2.-.6.8...e.t.l.......P.P.l...D...p....#..................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):737280
      Entropy (8bit):6.860381051718744
      Encrypted:false
      SSDEEP:
      MD5:0D537547AA849CD0F0C6B5C606DABF14
      SHA1:03125DB853B66744DA5EA68FCA50CCA973568D7A
      SHA-256:D56956D863F5E81887E21FC572B046B85A3A1864B2E7824B1EF125FA8FCBB380
      SHA-512:DFC5AA0CA9C594AB96FED703F6EF6D71C5BED182722CD743B2C811B47D39AD0DBEA42461989EDFC7D186A5BE317E71624F251D3403B4E120E46E1886A55DD68D
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 21 06:17:53 2024, Security: 1
      Category:dropped
      Size (bytes):868352
      Entropy (8bit):6.997406160535153
      Encrypted:false
      SSDEEP:
      MD5:E7D6BA07646E91330D71F3A1196A20E0
      SHA1:4D9BB802929F645879E4D4BB0CA2BD7B6D90FCC5
      SHA-256:E962F2BAB8A328A8E3891A9A07D57736D4198A0AC98C76204B0EE0558E116DFA
      SHA-512:2E3262BC20E5082036873B965C0AC14774E6F4037E1B8404D8B5A44301D7A8FF9DA342A5A7D90E6B8552048ACFB657E91E45DA164AFD6AF3D5FBA7D4F5749F87
      Malicious:true
      Antivirus:
      • Antivirus: Joe Sandbox ML, Detection: 100%
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):679936
      Entropy (8bit):6.144691673908828
      Encrypted:false
      SSDEEP:
      MD5:A6BC67C3A4182D1D2220725FF9D43DBE
      SHA1:588E23174B3EADE50C90B9A6D019A0669D5402A1
      SHA-256:FA86B9B0EC48B8AB468AA358B92D1055ECB8D8D44773A9A20FB7228E0DB983AE
      SHA-512:DA1DEA73F9B764B4BBDF08078F13CDE29DE5C80A41A16D5A6A06E6A6043B54B810ED11BFA2316753C347AC40B0B81E94FB3514A490AA660295F2E47496A53412
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:data
      Category:dropped
      Size (bytes):512
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:BF619EAC0CDF3F68D496EA9344137E8B
      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Applesoft BASIC program data, first line number 16
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:FE0F1E1F0DE667629894ADF6384D8017
      SHA1:DF211D2D734D67CB7F4A40A9BBBE0D6886686DC0
      SHA-256:C63CA12CD7DCA2167E388481742EB3BADCD697BB35EA444D2538136232A657AE
      SHA-512:6F0D8A62542930DDC181DEB82B17FE9A483967487167B6302987D2B2F93CD63BDA76F0813832575A6C2C6C5895C0D4FE7B720E7D5F780FCDD9282B1241A953F1
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Applesoft BASIC program data, first line number 16
      Category:dropped
      Size (bytes):10428
      Entropy (8bit):2.752679275500932
      Encrypted:false
      SSDEEP:
      MD5:1413A4BE24F18D2911B9E1E57D704E78
      SHA1:7114E466DB7344B1651D3E6D32FDD2ECB9B38D57
      SHA-256:3AF940F3489FAF7004F1D6E28D479887DDD451BA8892141E61B7F430AA6BE85C
      SHA-512:0F75B863A882CB446DDD7E24C07C03B5518F6AD58F0BEFDA95FBAF172FC583D14855D8432A7E3F2233E1E0079A59D12EB0C241EB8F9FE3D4D9B9D2DC7E8C80CB
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Applesoft BASIC program data, first line number 16
      Category:dropped
      Size (bytes):10428
      Entropy (8bit):3.4686515569282035
      Encrypted:false
      SSDEEP:
      MD5:FE0F1E1F0DE667629894ADF6384D8017
      SHA1:DF211D2D734D67CB7F4A40A9BBBE0D6886686DC0
      SHA-256:C63CA12CD7DCA2167E388481742EB3BADCD697BB35EA444D2538136232A657AE
      SHA-512:6F0D8A62542930DDC181DEB82B17FE9A483967487167B6302987D2B2F93CD63BDA76F0813832575A6C2C6C5895C0D4FE7B720E7D5F780FCDD9282B1241A953F1
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Applesoft BASIC program data, first line number 16
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:FE0F1E1F0DE667629894ADF6384D8017
      SHA1:DF211D2D734D67CB7F4A40A9BBBE0D6886686DC0
      SHA-256:C63CA12CD7DCA2167E388481742EB3BADCD697BB35EA444D2538136232A657AE
      SHA-512:6F0D8A62542930DDC181DEB82B17FE9A483967487167B6302987D2B2F93CD63BDA76F0813832575A6C2C6C5895C0D4FE7B720E7D5F780FCDD9282B1241A953F1
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):30
      Entropy (8bit):1.2389205950315936
      Encrypted:false
      SSDEEP:
      MD5:E8163BA373727E4E029F9923207FAC1D
      SHA1:B7624BA152E4EB30D4413FB44201A8346ACA7EF4
      SHA-256:6B2C9BA21D681D5ABE0972D6D8AB6545979083EEFEF6C2ED81237C54DB33B61C
      SHA-512:4753008A7D8C2D1012D77CFFFF02100C6D2A1459FCB29C73DAFEA8DAE03A2EA14F132954606427A48FD9A8342DD79F28C6226C05318624C0E6637AA2A14F6DEF
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Word 2007+
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:9FF677FC330A7DA275D03FB50F003292
      SHA1:2D2958319FD95829A5AC3BCF7DA3D2449D413937
      SHA-256:338FF85AC85A44E091FE480F95DDD70383796D0BC479106E35F70BC776E9653E
      SHA-512:6838AB018ED25648A4AFE8872AE2FE852BE9DCB809090D0EACA8DCC02601EB662F4AF3728C18FB6DAD23AE00B81B628932650274CA41E5A82AF0049E5F88B6FA
      Malicious:false
      Reputation:unknown
      Preview:PK..........!.Q3.p............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-J\X ......J..0....K......H...R*.D.g..3.H....M!`.l.....J.j;*...>.b.Fa...B....wz...<`F..K6.._s.r.F`.<X.T....7....U.._t:.\:...<&....A%&:f.9..H.hd..*1y.Lx.k)".........e..k.g.....)....&......A...3..WNN.U..e...<....'4(.....x.....nh.t.....p7..j..s...I@.w6.X..C.Tp...r+..^..F.N...".az...h.[!F.!...g...i"...C..n9.~l...3.....H..V..9.2.,)s..GZD..mo6M..a.!...q$.......O..r-.........PK..........!.........N......
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:modified
      Size (bytes):162
      Entropy (8bit):3.65370663213872
      Encrypted:false
      SSDEEP:
      MD5:D0FDB7AA34A263A2B47480B5F59DC36D
      SHA1:7F3FD8611E06DC7B89391E3116DCBE6932AACF64
      SHA-256:6428757C14606F1834BB8AC9DB83A911F8F59DC89C6493249D599170672745EF
      SHA-512:B5DC02850ED97F2924C2666B66E24898E50CC03439713A807188BBF774F40ADF8F51F7C1F02C3384859CF44600AE3C69F966BAD31C2ADFEBB0760BDC805DC779
      Malicious:false
      Reputation:unknown
      Preview:.user...................................................c.a.l.i...$CO..<.u....PV.......XO.Xz-dM....CO....b....PV.......iO.hVu.@..@..M...........@..PV..8YO..iO.
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Word 2007+
      Category:dropped
      Size (bytes):19618
      Entropy (8bit):7.475613138424258
      Encrypted:false
      SSDEEP:
      MD5:9FF677FC330A7DA275D03FB50F003292
      SHA1:2D2958319FD95829A5AC3BCF7DA3D2449D413937
      SHA-256:338FF85AC85A44E091FE480F95DDD70383796D0BC479106E35F70BC776E9653E
      SHA-512:6838AB018ED25648A4AFE8872AE2FE852BE9DCB809090D0EACA8DCC02601EB662F4AF3728C18FB6DAD23AE00B81B628932650274CA41E5A82AF0049E5F88B6FA
      Malicious:false
      Reputation:unknown
      Preview:PK..........!.Q3.p............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-J\X ......J..0....K......H...R*.D.g..3.H....M!`.l.....J.j;*...>.b.Fa...B....wz...<`F..K6.._s.r.F`.<X.T....7....U.._t:.\:...<&....A%&:f.9..H.hd..*1y.Lx.k)".........e..k.g.....)....&......A...3..WNN.U..e...<....'4(.....x.....nh.t.....p7..j..s...I@.w6.X..C.Tp...r+..^..F.N...".az...h.[!F.!...g...i"...C..n9.~l...3.....H..V..9.2.,)s..GZD..mo6M..a.!...q$.......O..r-.........PK..........!.........N......
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):14
      Entropy (8bit):2.699513850319966
      Encrypted:false
      SSDEEP:
      MD5:C5A12EA2F9C2D2A79155C1BC161C350C
      SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
      SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
      SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
      Malicious:false
      Reputation:unknown
      Preview:..c.a.l.i.....
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Outlook email folder (>=2003)
      Category:dropped
      Size (bytes):2302976
      Entropy (8bit):3.8493771256826435
      Encrypted:false
      SSDEEP:
      MD5:D760CEF84442B82E35E9245D75C61106
      SHA1:32630DDA682B6F956F7914080F9EDBEBB93A9930
      SHA-256:DFF1B26C80B45827E5A9981A856FA5A648291498484C45265A015F4953755451
      SHA-512:DE42D0AB6957DE334B767335D90D6D57D82233AF2BDAA61AEC0D68D612642A82DF4B6E5E5C594C335EF392E530E9D27EEC3EF0A7EABFE12314F1BC53C86088A0
      Malicious:false
      Reputation:unknown
      Preview:!BDN..DSM......\...............V.......c................@...........@...@...................................@...........................................................................$#......D......@.".............D...............H...................................................................................................................................................................................................................................................................................................`$.qs.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      File type:RFC 822 mail, ASCII text, with CRLF line terminators
      Entropy (8bit):5.565212902268365
      TrID:
      • E-Mail message (Var. 5) (54515/1) 100.00%
      File name:Message_2530136.eml
      File size:1'205'172 bytes
      MD5:b1244297b6385c4850c57a41e5d3ad11
      SHA1:03908a60b778c2e87ad9552f231f5e251cfee128
      SHA256:5941699f83b93d332c3e07a566372ac3ec099ab259e81c1c8532e43c73c0220c
      SHA512:30de4b3c58534399e29b4bcbe5d4d632f28420e6e8cfb0e13c5aaa2966c0c7084e2ad0f2de018499f6bbe31c6ab3ac17b75dc834c5d6b4071a75ac055c0f919d
      SSDEEP:12288:qZa7orklQdo1iiCGt1KPnCeygj6UFpkj6E5Ch/EKwd0UowAnGwRc38YDroWIOam:sLrk+u1iiCGTcLuap45Ch8Ko0UTAGD8s
      TLSH:D6454A350B46BFDE0FA67B848C083E022C6C99977219E095EDF875F524B6065FF68CA4
      File Content Preview:Received: from server.awsamazongroup.asia (unknown [108.163.195.26])...(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))...(No client certificate requested)...by mail1.domain-information-deleted (Postfix) with ESMTPS...for <info@domain-informat
      Subject:Remittance Advice - payment reference: 3800802
      From:FLSmidth Financial Services <remittance@flsmidth.com>
      To:info@domain-information-deleted
      Cc:
      BCC:
      Date:Mon, 21 Oct 2024 03:48:36 -0500
      Communications:
      • Dear Sir/Madam, The remittance advice for the payment made vide our payment document number 3800802 is attached. This advice is for your reference only. Yours faithfully, FLSmidth Financial Services *************************************************************************** This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded. For clarifications, if any, please write to 'services@flsmidth.com' ***************************************************************************
      Attachments:
      • Remittance Advice.xls
      Key Value
      Received: from [108.178.43.74] (port=59396 helo=error-no-valid-domain.com) by server.awsamazongroup.asia with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from <remittance@flsmidth.com>) id 1t2o5e-00000009UDx-32ax for info@domain-information-deleted; Mon, 21 Oct 2024 08:48:37 +0000
      DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=continentalvora.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date :Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=6i6Kb2p/967R4FyrsZILH/eFIQKIbB2dBkedcx6MuCo=; b=UrIyK0f0OvbKPaOZE0nJPNPRFw PuldJLkG5CW+25dZXZFJ/kG48LKnyZe+3UfF6bPZuoes1ihvfRAxgANvdP0N/VJE+u5XOH4I0f1N3 /GvA7mYBTjYTUl50lY2Es9TLOFAUA3bxLXnjl1HdA0J2tufAMt1TvXYucaSm9q+/oZft0/rdgAO/Q 1fhuj6biy4ev3y61vV0d/NnGprq74obXy8QN5D6BeLXtV8ccIqR6TDRllN/uyFp+ffzIGMI/x+v65 xQ7MSWQrLetDFbxY8YmnXofabk4QTkZ3nvAjixPZDGXKW5SJE2AA9wPwH1dlIfxWu7N8kmqJgJ26T BDygaasA==;
      From: FLSmidth Financial Services <remittance@flsmidth.com>
      To: info@domain-information-deleted
      Subject: Remittance Advice - payment reference: 3800802
      Date: Mon, 21 Oct 2024 03:48:36 -0500
      Message-ID: <20241021034836.CEA180A27634B337@flsmidth.com>
      MIME-Version: 1.0
      Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_9C821F0D.7BB51E0E"
      X-AntiAbuse: Sender Address Domain - flsmidth.com
      X-Get-Message-Sender-Via: server.awsamazongroup.asia: authenticated_id: gmx@continentalvora.com
      X-Authenticated-Sender: server.awsamazongroup.asia: gmx@continentalvora.com

      Icon Hash:46070c0a8e0c67d6