Loading Joe Sandbox Report ...

Windows Analysis Report
Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg

Overview

General Information

Sample name:Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg
Analysis ID:1540508
MD5:8f1aa8accba17e4ea3f911487231c9e2
SHA1:e13407d9a4053998e4b6981f0857aeafe6fa2949
SHA256:a6f880e2af0ca126de471b630c9cb4e98fee53761ab0cb66120afbc05f07b854

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 3228 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 5652 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DE7A1F7-8B1A-44DD-AC11-E234434E3029" "FA965654-EA2B-4E46-BF54-7E82D821F0C2" "3228" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3228, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg, String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg, String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg, String found in binary or memory: https://dezbelz.store/gesp/xls/C1e2l3l4a5r.js
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://substrate.office.com
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://tasks.office.com
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://webshell.suite.office.com
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://wus2.contentsync.
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: AD55B441-335A-4AB7-972E-3B4626713FF9.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine; Classification label: clean1.winMSG@3/18@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241023T1504020252-3228.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DE7A1F7-8B1A-44DD-AC11-E234434E3029" "FA965654-EA2B-4E46-BF54-7E82D821F0C2" "3228" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Masquerading; 1 Modify Registry; 1 Process Injection; 1 DLL Side-Loading
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: 1 Process Discovery; 12 System Information Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph: ID 1540508; Sample: Caller left VM MSg e697b597...; Startdate: 23/10/2024; Architecture: WINDOWS; Score: 1; OUTLOOK.EXE started ai.exe]

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.40 | true | false | | unknown
                    unknown
                    https://web.microsoftstream.com/video/AD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://api.addins.store.officeppe.com/addinstemplateAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://graph.windows.netAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://dataservice.o365filtering.com/AD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://login.windows.localnullDOUTLOOK_16_0_16827_20130-20241023T1504020252-3228.etl.0.drfalse
                      unknown
                      https://officesetup.getmicrosoftkey.comAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://analysis.windows.net/powerbi/apiAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://prod-global-autodetect.acompli.net/autodetectAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://substrate.office.comAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://outlook.office365.com/autodiscover/autodiscover.jsonAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://consent.config.office.com/consentcheckin/v1.0/consentsAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://d.docs.live.netAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                        unknown
                        https://safelinks.protection.outlook.com/api/GetPolicyAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://ncus.contentsync.AD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                          unknown
                          https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/AD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                          • URL Reputation: safe
                          unknown
                          http://weather.service.msn.com/data.aspxAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                          • URL Reputation: safe
                          unknown
                          https://apis.live.net/v5.0/AD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                          • URL Reputation: safe
                          unknown
                          https://officepyservice.office.net/service.functionalityAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                          • URL Reputation: safe
                          unknown
                          https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                          • URL Reputation: safe
                          unknown
                          https://login.windows.localnullffiOUTLOOK_16_0_16827_20130-20241023T1504020252-3228.etl.0.drfalse
                            unknown
                            https://templatesmetadata.office.net/AD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://messaging.lifecycle.office.com/AD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://mss.office.comAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://pushchannel.1drv.msAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://management.azure.comAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://outlook.office365.comAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://login.windows.netApp1729710243901109800_F1E53BAF-D397-4BFD-95AD-1E87A0C19F20.log.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://wus2.contentsync.AD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://incidents.diagnostics.office.comAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://clients.config.office.net/user/v1.0/iosAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://make.powerautomate.comAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://api.addins.omex.office.net/api/addins/searchAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://insertmedia.bing.office.net/odc/insertmediaAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://outlook.office365.com/api/v1.0/me/ActivitiesAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://api.office.netAD55B441-335A-4AB7-972E-3B4626713FF9.0.drfalse
                            • URL Reputation: safe
                            unknown
                            No contacted IP infos
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1540508
                            Start date and time:2024-10-23 21:02:57 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 4m 37s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:6
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg
                            Detection:CLEAN
                            Classification:clean1.winMSG@3/18@0/0
                            EGA Information:Failed
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 0
                            • Number of non-executed functions: 0
                            Cookbook Comments:
                            • Found application associated with file extension: .msg
                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.109.76.243, 2.19.126.151, 2.19.126.160, 199.232.210.172, 51.105.71.136
                            • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprduks00.uksouth.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • VT rate limit hit for: Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg
                            No simulations
                            No context
                            No context
                            No context
                            No context
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                            Category:dropped
                            Size (bytes):4770
                            Entropy (8bit):7.946747821604857
                            Encrypted:false
                            SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                            MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                            SHA1:719C37C320F518AC168C86723724891950911CEA
                            SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                            SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                            Malicious:false
                            Reputation:high, very likely benign file
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):338
                            Entropy (8bit):3.276040995845481
                            Encrypted:false
                            SSDEEP:6:kK/olzsN+SkQlPlEGYRMY9z+s3Ql2DUevat:QTkPlE99SCQl2DUevat
                            MD5:5C758D40A99A0CD08692CB32C8ABB3EA
                            SHA1:6944D6CE33D187A7356AE656D450B927915A8ABF
                            SHA-256:BC08435B2870D6C917A7FFD55F50AA91F396BA8811E7F84E477B1C05AAC4E4EB
                            SHA-512:4555A0B117010011C573AD75FD293A36E6B1E2AC0EAF437598293C6FC4ACE82F65E74A7A07E6D40412E5B7EBAB4154B5D0CBE469F84B04EC0EFA75B64AF8CA8A
                            Malicious:false
                            Reputation:low
                            Preview:p...... .........x<Y~%..(....................................................... .........p.........$.....(=........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):231348
                            Entropy (8bit):4.390487304937417
                            Encrypted:false
                            SSDEEP:1536:vqYLdKgsrgsgM+pYCgs0hNcAz79ysQqt262ueqoQ69rcm0FvjxHylMMknHCzHZSU:ZAg7Nng3miGu2bqoQwrt0Fv4NqGQMsnY
                            MD5:8D18F3DCC2C160B76C6E257A7CF83D95
                            SHA1:5CA5711EC39B74930B4E58C64D922B36E5D8B673
                            SHA-256:AA69979CC87EC0A2B82EDB0BE83DD03054C6C4397A539FBF400AF7AB6A048E8F
                            SHA-512:293DB2461DD3FA2BED897DDF8D2A6AA48F2A50F9D7025D1CAE22C01059BE90B2743E931FFDA061C32E61007E9929066794E86D43A79900FE564BD1992EBB667E
                            Malicious:false
                            Reputation:low
                            Preview:TH02...... ...6H~%......SM01X...,.....*H~%..........IPM.Activity...........h...............h............H..h..o.......dN...h........X..H..h\alf ...AppD...h...0.....o....h..%'...........h........_`.j...h.%'@...I..v...h....H...8..j...0....T...............d.........2h...............k..............!h.............. hS.1.....0.o...#h....8.........$hX......8....."hX.............'h..>...........1h..%'<.........0h....4.....j../h....h......jH..h.u..p.....o...-h .......\.o...+h..%'......o................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:ASCII text, with very long lines (65536), with no line terminators
                            Category:dropped
                            Size (bytes):322260
                            Entropy (8bit):4.000299760592446
                            Encrypted:false
                            SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                            MD5:CC90D669144261B198DEAD45AA266572
                            SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                            SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                            SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                            Malicious:false
                            Reputation:high, very likely benign file
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:ASCII text, with no line terminators
                            Category:modified
                            Size (bytes):10
                            Entropy (8bit):2.7219280948873625
                            Encrypted:false
                            SSDEEP:3:LMyR:HR
                            MD5:1D4C1F5E835D97B2CEB67EE9F3B113DD
                            SHA1:C7C0E7C09C6FC862D360EC1299C0A4575B63ADFF
                            SHA-256:EC19CB668853C9BE5C78921D8061F2DDF55FC8971DB21033E0E95B469030E236
                            SHA-512:602B586E8C78E2EF3B5644ABE77D60A2568E8EBD12C799703DE48511F4CDDB046F19C87A50B7349715BE9E5E06565F975A3F98804D1840B2E265F23D4FC6C1B7
                            Malicious:false
                            Reputation:low
                            Preview:1729710254
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):178267
                            Entropy (8bit):5.290282580148542
                            Encrypted:false
                            SSDEEP:1536:1i2XfRAqFbH41gwEwLe7HW8QM/o/NMdcAZl1p5ihs7EXXDEAD2Odago:TCe7HW8QM/o/TXgk9o
                            MD5:D0F19DC9BEA42010953C5B7E66CD08EB
                            SHA1:DFAFCFA7D37D3BC3D451DD61B73C9077087754A8
                            SHA-256:EE2A7B792F372360907EBEDF02154DF4E49D7A8049ED0F532B7584EC5FD484E6
                            SHA-512:CE6CD37BB6BA85D5CA47873B5371F804F0BE3FF0887BC16C00BB22426760019DF5F2D13920EBDC594F6B0C50B0DF233EAA24B35132B5856C91825C3EF8013A83
                            Malicious:false
                            Reputation:low
                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-23T19:04:07">.. Build: 16.0.18209.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                            Category:dropped
                            Size (bytes):4096
                            Entropy (8bit):0.09216609452072291
                            Encrypted:false
                            SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                            MD5:F138A66469C10D5761C6CBB36F2163C3
                            SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                            SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                            SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):4616
                            Entropy (8bit):0.13760166725504608
                            Encrypted:false
                            SSDEEP:3:7FEG2l+8wqlk/l/FllkpMRgSWbNFl/sl+ltlslVlllfll8:7+/lDR+vg9bNFlEs1EP/s
                            MD5:132C58443B432E4DD8D9981DC0D6ED7E
                            SHA1:37F10724D67E7916E7F4727CD67C9246504E7290
                            SHA-256:07B3F54783F1F3A83CBB1F3228A3ABEBE6E3D9E372C32DB65C2E413170905449
                            SHA-512:FA845B73C488BEC2C081C6B636AA7BB658B69AF5CDF09D1C904ABAE4541C39D70F6EADF52A5F894DAB2BEF4FC545041F51396E184C92036EB10806D0E2B386D4
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):32768
                            Entropy (8bit):0.04462234229792196
                            Encrypted:false
                            SSDEEP:3:G4l2oO63vTiDIYAl2oO63vTiDCmlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2EL8Al2ELYL9XXPH4l942U
                            MD5:14DE6A4DB6C846DB5CA29245134078A4
                            SHA1:5768E71B6B39CF683B7717976BAF65BC5DBF5E76
                            SHA-256:4C52571E957F6E8A53D7BDD3533BBC7A28CF474748EE3771BE855CD064C1A0D1
                            SHA-512:7A1596F4845F36629F967890F32AC9EABD453E59F4B6B83EFA441D346E5C362E003D1C39E516D9190F5FA586774CFE0361C0BA74E24957C0ECD9A8CCB2B59C06
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:SQLite Write-Ahead Log, version 3007000
                            Category:dropped
                            Size (bytes):45352
                            Entropy (8bit):0.3937761586531907
                            Encrypted:false
                            SSDEEP:24:KEmpEQ3zRDgAuUll7DBtDi4kZERDSkzqt8VtbDBtDi4kZERDA:epEQ1U3Ull7DYM5zO8VFDYMk
                            MD5:BDB5B9C7673C14F8D3A274459678AE45
                            SHA1:7036BD990D0BAB88D9AF25659CA21C90DA14FF27
                            SHA-256:CBA5FCA216C8E33CFB10D8CB4757CD1E6DBA2660C17292CB0A54C5B6EA72766E
                            SHA-512:3D43F8CFDB66EB00DCBDEB9E300136238E8270FE114A79C0D2A6C682BB422B2797D24D62DFF660C580D1D93A7CE58908B20550AFF4E741D3FC619CC522F84DF8
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:ASCII text, with very long lines (1978), with CRLF line terminators
                            Category:dropped
                            Size (bytes):20971520
                            Entropy (8bit):0.008669047345263853
                            Encrypted:false
                            SSDEEP:192:JNGOTuk6KTfLFqA+mchHh704N9Z1jbVjsnGqVtwB:JNGyZTfLFqAOB70a9Z1jbVjMGqVtwB
                            MD5:16545759033992EF5517E2AC614B8009
                            SHA1:EBBE041E38C7451DF6060E618CF15F6AD59B9858
                            SHA-256:0E7ED9C020BB7616AC763FFEF702293968E14AE8A6AF4A30DF39FE1BBBE4952D
                            SHA-512:A0D214D87D570A06AADC198BE23A9B98DA7DACD3013504DCFF880654F99752FFBF1ACCC5739CDED183A17F324CA76721322CCA09718227DAC69526C6741A828E
                            Malicious:false
                            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/23/2024 19:04:03.970.OUTLOOK (0xC9C).0x1950.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-10-23T19:04:03.970Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"D334048D-FF9C-415A-8FE3-778AF7D87039","Data.PreviousSessionInitTime":"2024-10-23T19:03:43.335Z","Data.PreviousSessionUninitTime":"2024-10-23T19:03:46.694Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/23/2024 19:04:04.033.OUTLOOK (0xC9C).0xC80.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"T
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):20971520
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3::
                            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):118784
                            Entropy (8bit):4.676769499297988
                            Encrypted:false
                            SSDEEP:768:XLTn598qZCBkrI4efXpFF/wu/QGI9JqthJQ9Vx8Xdof0IuAhvOqlWiMOzGuVJO8t:w4uFu9AjmGuVJ/JXXDj52Dda
                            MD5:37FBBFC9D8A7D1713AA80B9783F7D267
                            SHA1:28821143A9476DDF229559B951F476C885008B9C
                            SHA-256:F7B255D82257C79DD8CDAE0A12948CF110814035B534E19B237B0F0CCCE66F69
                            SHA-512:CBB76C4A7CB6E38E9258BCFCB0F5DBE47EF85FCF10BCBB8BA958DFD16E6EDF82642F810631E2369D9C8A21F0D71844E8C86BD8DE73518C16888E3A23CDB1EEA3
                            Malicious:false
                            Preview:@tzres.dll,-112 @tzres.dll,-111 v2_OUTLOOK:c9c:dd53b17f52f34f97a3501653f82b30b3 C:\Users\alfons\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241023T1504020252-3228.etl
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):163840
                            Entropy (8bit):0.3532815276438179
                            Encrypted:false
                            SSDEEP:192:l8uMZ+1Tjpm6lsUPJ9zod3VUlHSjEuv7wbNgz0XHWQOAIAbAn/:l8uM03b3J9AFUllfyz0XHOAIM
                            MD5:BE2C74A2D5FA83D657EE9072CCFB9AD7
                            SHA1:181D92392C4C76FC9FFE7BDE4C5C6FC61AE3B562
                            SHA-256:1146E37790E2EE01F68D83ED7268243E978D09D12429F753D6016530DE09C4F2
                            SHA-512:DA8D261360B017ED082C0BD3F2D2FF18B3A198AE566FC8669B805F3A2DD01D95BABB2CC0B9A3ADA0AD7175ECD3705EA3003A4A02EA9B1E7182D349796C4E66E6
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):30
                            Entropy (8bit):1.2389205950315936
                            Encrypted:false
                            SSDEEP:3:KKl1:K
                            MD5:B1DCB0EA601D5A3AFF5F023E2A09F86D
                            SHA1:7A8899B168E5C2B57672EEDFA44D8CC1015A54C9
                            SHA-256:5419F65546B01B2450031F198E373D59C53AD226C81CD68F7179B41AF501CE47
                            SHA-512:2737F9E7A0B3C5519EC6C9DDF7B2AAA8A3B51EA445FFFA8F8564127289C944562FCD401DF5A14CDD076E86AA3109E314C4C1C95E7F7749D86309A8921CBD8683
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.6698325313078849
                            Encrypted:false
                            SSDEEP:12:rl3baFhqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheC0z2B:r5mnq1Py9610SB
                            MD5:A456EEB5E28BD304648A1A25E2095A78
                            SHA1:423F178A12A807ED501289B96D6CA078806645D6
                            SHA-256:D3BC23403F0D37A0F02EC8B97C3BF623611899C8B3F8B5AC612A122128EE0AFE
                            SHA-512:71A299F6DF8A43C9C7A4B80027882947892862B129116E7DBABC47FA04F980C6FA2A2A92EBC3A19A2BF4B9E0549DD08325149B3596F70609B5A0E962A8E88730
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:Microsoft Outlook email folder (>=2003)
                            Category:dropped
                            Size (bytes):271360
                            Entropy (8bit):1.5085389813220158
                            Encrypted:false
                            SSDEEP:768:NQcGMS4f/l0+R3RkGzIR5Ll770K4GOj06HI8BUTIZ:W+/dR3R5zaJbb6HIeNZ
                            MD5:43B40BD47FB25BAC2EA9E4F92C876CF8
                            SHA1:B502135636B2E259C5E1423CB2DF1F862AFDE031
                            SHA-256:4B3575C191136FEB8E14A87AF9984A443E564089831DEAA582132AE54F16F0CC
                            SHA-512:094DC571CBC730EF615D266D74F8D1D5D7A4165EC186FEA460B2E1600A8B15BA84FDFB1BA745D54B7D573EE0E0C0C746C2B0F34F3FA6BC53A2247DECDB35CD8C
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):131072
                            Entropy (8bit):0.8493333337700735
                            Encrypted:false
                            SSDEEP:192:KQoOJMMDeaMrzTJsHGr8LOGcdrGGy06htYhi1R434LOz:jXJ5DefqHGrJZHqn1Rj
                            MD5:27DE0F9A7649A8DF6773661223EC5F3D
                            SHA1:2D6966ECBFF7B6F3DE037F80B852420C1D71C300
                            SHA-256:BD92F3A309E4F2FA03B54B917EAE51D261731289749A65110556638D3030308E
                            SHA-512:C9156915512B6885713C71B1B9E8AD9AE6B3F3513579032E08FA10BDC8BC91BDED5E3B255D5AE658D17DCEDBA604A40D41279E98CD1FB5CA1064573597B2B547
                            Malicious:false
                            File type:CDFV2 Microsoft Outlook Message
                            Entropy (8bit):3.6866989728952433
                            TrID:
                            • Outlook Message (71009/1) 45.36%
                            • Outlook Form Template (41509/1) 26.51%
                            • ClickyMouse macro set (36024/1) 23.01%
                            • Generic OLE2 / Multistream Compound File (8008/1) 5.12%
                            File name:Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg
                            File size:42'496 bytes
                            MD5:8f1aa8accba17e4ea3f911487231c9e2
                            SHA1:e13407d9a4053998e4b6981f0857aeafe6fa2949
                            SHA256:a6f880e2af0ca126de471b630c9cb4e98fee53761ab0cb66120afbc05f07b854
                            SHA512:b7f9902af4e07851c10722a4f6ab6f791f2440e73f10a6ff04786485bb91039b46148de543267c08873f3f9f700f644a239c636a52a47944aa597d5dd362531f
                            SSDEEP:768:79dXXybOvKe1rrqKJ2Avz1uM4iRStzzo/2xuJuJbfa:JlX9V5uMkiRSxs2w3
                            TLSH:8A13CB2538EA411DF277EF711ED4A9DBC95BBDA2BD05954B3081330F0A71D40EA92A3E
                            Subject:Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02:10:04
                            From:Team ePhone System Notifier-matt.sibilo
                            To:Matt Sibilo <Matt.Sibilo@algoma.com>
                            Cc:
                            BCC:
                            Date:Wed, 23 Oct 2024 20:15:36 +0200
                            Communications:
                              Attachments:
                              • Play_VM.Now.matt.sibilo_Audio.wav...v.html
                              Key | Value
                              date | Wed, 23 Oct 2024 20:15:36 +0200

                              Icon Hash:c4e1928eacb280a2
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Oct 23, 2024 21:04:13.502140999 CEST | 1.1.1.1 | 192.168.2.5 | 0xd13e | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                              Oct 23, 2024 21:04:13.502140999 CEST | 1.1.1.1 | 192.168.2.5 | 0xd13e | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                              Oct 23, 2024 21:05:15.134757996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4482 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | CNAME (Canonical name) | IN (0x0001) | false
                              Oct 23, 2024 21:05:15.134757996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4482 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.57.40 | A (IP address) | IN (0x0001) | false
                              Oct 23, 2024 21:05:15.134757996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4482 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.210.39 | A (IP address) | IN (0x0001) | false
                              Oct 23, 2024 21:05:15.134757996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4482 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.210.18 | A (IP address) | IN (0x0001) | false
                              Oct 23, 2024 21:05:15.134757996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4482 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.57.35 | A (IP address) | IN (0x0001) | false
                              Oct 23, 2024 21:05:15.134757996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4482 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.57.19 | A (IP address) | IN (0x0001) | false
                              Oct 23, 2024 21:05:15.134757996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4482 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.210.38 | A (IP address) | IN (0x0001) | false
                              Oct 23, 2024 21:05:15.134757996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4482 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.210.22 | A (IP address) | IN (0x0001) | false


                              Target ID:0
                              Start time:15:03:59
                              Start date:23/10/2024
                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Caller left VM MSg e697b597cf0b2cd3d38ee11026da29694216c700 Duration-02... (11.2 KB).msg"
                              Imagebase:0x1b0000
                              File size:34'446'744 bytes
                              MD5 hash:91A5292942864110ED734005B7E005C0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:2
                              Start time:15:04:08
                              Start date:23/10/2024
                              Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DE7A1F7-8B1A-44DD-AC11-E234434E3029" "FA965654-EA2B-4E46-BF54-7E82D821F0C2" "3228" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                              Imagebase:0x7ff6d80d0000
                              File size:710'048 bytes
                              MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              No disassembly