Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml

Overview

General Information

Sample name:Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml
renamed because original name is a hash value
Original sample name:Nachhaltigkeit im Product Management das ultimative Webinar am 12. Dezember.eml
Analysis ID:1541174
MD5:b33cd6b6c9e0e153c82aa81f58feee72
SHA1:b6c108ac91abaaec5a95bfbd201c3d0073e3759c
SHA256:b0524f0f8f63072307dbc616aae4b014bdbeb1b01d942fba46c2039293c46bdd
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64
  • OUTLOOK.EXE (PID: 7776 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7276 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DD1B22A-18BB-4EE7-B00E-D3BA96C78A5E" "8875C122-3402-41A4-AC96-BA3E9A8D83BE" "7776" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7776, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml, ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.aadrm.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.aadrm.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.cortana.ai
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.microsoftstream.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.office.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.onedrive.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://api.scheduler.
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://app.powerbi.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://augloop.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://augloop.office.com/v2
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://canary.designerapp.
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.entity.
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://cinnamon.ci=
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://cinnamon.cintona.com/espo/api/v1/Campaign/unsubscribe/6719790a730dd5693
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://cinnamon.cintona.com/espo?entryPoint=3Dunsubscribe&id=
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://cintona.com/en/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://clients.config.office.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://clients.config.office.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cortana.ai
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cortana.ai/api
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://cr.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://d.docs.live.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://dataservice.o365filtering.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://designerapp.azurewebsites.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://designerappservice.officeapps.live.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://dev.cortana.ai
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://devnull.onenote.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://directory.services.
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ecs.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://edge.skype.com/registrar/prod
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://edge.skype.com/rps
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml, ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://esgpractices.com
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://esgpractices.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://eur03.safe=
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://eur03.safelinks.pro=
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://eur03.safelinks.protection.o=
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://eur03.safelinks.protection.ou=
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=3Dhttps%3=
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fvucahr=
Source: ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcinnamon.cintona.com%2Fespo%3Fentr
Source: ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcintona.com%2Fen%2F&data=05%7C02%7
Source: ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fesgpractices.com%2F&data=05%7C02%7
Source: ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fbookwithme%2F
Source: ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fredev40.com%2F&data=05%7C02%7Cmaik
Source: ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fresponsible-pm.com%2F&data=05%7C02
Source: ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvucahr.com%2F&data=05%7C02%7Cmaike
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://graph.ppe.windows.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://graph.ppe.windows.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://graph.windows.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://graph.windows.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ic3.teams.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://invites.office.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://lifecycle.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://login.microsoftonline.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://login.microsoftonline.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://login.microsoftonline.com/organizations
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://login.windows.local
Source: OUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl.0.drString found in binary or memory: https://login.windows.localX
Source: OUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl.0.drString found in binary or memory: https://login.windows.localft.R
Source: OUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl.0.drString found in binary or memory: https://login.windows.localnull
Source: OUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl.0.drString found in binary or memory: https://login.windows.localnulld.5D
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://make.powerautomate.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://management.azure.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://management.azure.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messaging.action.office.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messaging.engagement.office.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://messaging.office.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://mss.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ncus.contentsync.
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ncus.pagecontentsync.
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://officeapps.live.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://officepyservice.office.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://onedrive.live.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://otelrules.azureedge.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://outlook.office.=
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://outlook.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://outlook.office.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://outlook.office.com/bookwithme/user/025=
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://outlook.office365.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://outlook.office365.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://powerlift-user.acompli.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://powerlift.acompli.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml, ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://redev40.com
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://redev40.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://res.cdn.office.net
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml, ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://responsible-pm.com
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://responsible-pm.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://service.powerapps.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://settings.outlook.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://staging.cortana.ai
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://substrate.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://tasks.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml, ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drString found in binary or memory: https://vucahr.com
Source: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlString found in binary or memory: https://vucahr.com/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://wus2.contentsync.
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drString found in binary or memory: https://www.yammer.com
Source: classification engineClassification label: clean1.winEML@3/18@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DD1B22A-18BB-4EE7-B00E-D3BA96C78A5E" "8875C122-3402-41A4-AC96-BA3E9A8D83BE" "7776" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DD1B22A-18BB-4EE7-B00E-D3BA96C78A5E" "8875C122-3402-41A4-AC96-BA3E9A8D83BE" "7776" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Modify Registry		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager13
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1541174 Sample: Nachhaltigkeit im Product M... Startdate: 24/10/2024 Architecture: WINDOWS Score: 1 5 OUTLOOK.EXE 96 131 2->5         started        process3 7 ai.exe 5->7         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://shell.suite.office.com:14430%URL Reputationsafe
https://designerapp.azurewebsites.net0%URL Reputationsafe
https://autodiscover-s.outlook.com/0%URL Reputationsafe
https://useraudit.o365auditrealtimeingestion.manage.office.com0%URL Reputationsafe
https://outlook.office365.com/connectors0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%URL Reputationsafe
https://cdn.entity.0%URL Reputationsafe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%URL Reputationsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
https://lookup.onenote.com/lookup/geolocation/v10%URL Reputationsafe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
https://api.aadrm.com/0%URL Reputationsafe
https://canary.designerapp.0%URL Reputationsafe
https://www.yammer.com0%URL Reputationsafe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%URL Reputationsafe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0%URL Reputationsafe
https://cr.office.com0%URL Reputationsafe
https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
https://edge.skype.com/registrar/prod0%URL Reputationsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
https://tasks.office.com0%URL Reputationsafe
https://officeci.azurewebsites.net/api/0%URL Reputationsafe
https://store.office.cn/addinstemplate0%URL Reputationsafe
https://edge.skype.com/rps0%URL Reputationsafe
https://messaging.engagement.office.com/0%URL Reputationsafe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://www.odwebp.svc.ms0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/groups0%URL Reputationsafe
https://web.microsoftstream.com/video/0%URL Reputationsafe
https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
https://graph.windows.net0%URL Reputationsafe
https://consent.config.office.com/consentcheckin/v1.0/consents0%URL Reputationsafe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%URL Reputationsafe
https://safelinks.protection.outlook.com/api/GetPolicy0%URL Reputationsafe
https://ncus.contentsync.0%URL Reputationsafe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%URL Reputationsafe
http://weather.service.msn.com/data.aspx0%URL Reputationsafe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%URL Reputationsafe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%URL Reputationsafe
https://mss.office.com0%URL Reputationsafe
https://pushchannel.1drv.ms0%URL Reputationsafe
https://wus2.contentsync.0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/ios0%URL Reputationsafe
https://api.addins.omex.office.net/api/addins/search0%URL Reputationsafe
https://outlook.office365.com/api/v1.0/me/Activities0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/android/policies0%URL Reputationsafe
https://entitlement.diagnostics.office.com0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json0%URL Reputationsafe
https://login.microsoftonline.com0%URL Reputationsafe
https://substrate.office.com/search/api/v1/SearchHistory0%URL Reputationsafe
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation0%URL Reputationsafe
https://service.powerapps.com0%URL Reputationsafe
https://graph.windows.net/0%URL Reputationsafe
https://devnull.onenote.com0%URL Reputationsafe
https://messaging.office.com/0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing0%URL Reputationsafe
https://skyapi.live.net/Activity/0%URL Reputationsafe
https://messaging.action.office.com/setcampaignaction0%URL Reputationsafe
https://visio.uservoice.com/forums/368202-visio-on-devices0%URL Reputationsafe
https://staging.cortana.ai0%URL Reputationsafe
https://augloop.office.com0%URL Reputationsafe
https://api.diagnosticssdf.office.com/v2/file0%URL Reputationsafe
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory0%URL Reputationsafe
https://officepyservice.office.net/0%URL Reputationsafe
https://api.diagnostics.office.com0%URL Reputationsafe
https://store.office.de/addinstemplate0%URL Reputationsafe
https://wus2.pagecontentsync.0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/datasets0%URL Reputationsafe
https://cortana.ai/api0%URL Reputationsafe
https://api.diagnosticssdf.office.com0%URL Reputationsafe
https://login.microsoftonline.com/0%URL Reputationsafe
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0%URL Reputationsafe
https://api.addins.omex.office.net/appinfo/query0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/tenantassociationkey0%URL Reputationsafe
https://powerlift.acompli.net0%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://shell.suite.office.com:14436E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
  • URL Reputation: safe
unknown
https://designerapp.azurewebsites.net6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
  • URL Reputation: safe
unknown
https://autodiscover-s.outlook.com/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
  • URL Reputation: safe
unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
  • URL Reputation: safe
unknown
https://outlook.office365.com/connectors6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
  • URL Reputation: safe
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
  • URL Reputation: safe
unknown
https://cdn.entity.6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
  • URL Reputation: safe
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
  • URL Reputation: safe
unknown
https://login.windows.localnullOUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl.0.drfalse
    		unknown
    https://rpsticket.partnerservices.getmicrosoftkey.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
    • URL Reputation: safe
    		unknown
    https://lookup.onenote.com/lookup/geolocation/v16E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
    • URL Reputation: safe
    		unknown
    https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fbookwithme%2F~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drfalse
      		unknown
      https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
      • URL Reputation: safe
      		unknown
      https://cintona.com/en/Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlfalse
        		unknown
        https://api.aadrm.com/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
        • URL Reputation: safe
        		unknown
        https://canary.designerapp.6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
        • URL Reputation: safe
        		unknown
        https://www.yammer.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
        • URL Reputation: safe
        		unknown
        https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
        • URL Reputation: safe
        		unknown
        https://api.microsoftstream.com/api/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
          		unknown
          https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cr.office.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
          • URL Reputation: safe
          		unknown
          https://messagebroker.mobile.m365.svc.cloud.microsoft6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
          • URL Reputation: safe
          		unknown
          https://otelrules.svc.static.microsoft6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
            		unknown
            https://login.windows.localXOUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl.0.drfalse
              		unknown
              https://edge.skype.com/registrar/prod6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
              • URL Reputation: safe
              		unknown
              https://res.getmicrosoftkey.com/api/redemptionevents6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
              • URL Reputation: safe
              		unknown
              https://tasks.office.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
              • URL Reputation: safe
              		unknown
              https://officeci.azurewebsites.net/api/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
              • URL Reputation: safe
              		unknown
              https://my.microsoftpersonalcontent.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                		unknown
                https://store.office.cn/addinstemplate6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://edge.skype.com/rps6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://messaging.engagement.office.com/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://www.odwebp.svc.ms6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://api.powerbi.com/v1.0/myorg/groups6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://web.microsoftstream.com/video/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://api.addins.store.officeppe.com/addinstemplate6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://graph.windows.net6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://consent.config.office.com/consentcheckin/v1.0/consents6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                • URL Reputation: safe
                		unknown
                https://d.docs.live.net6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  		unknown
                  https://safelinks.protection.outlook.com/api/GetPolicy6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://ncus.contentsync.6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  http://weather.service.msn.com/data.aspx6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://mss.office.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://pushchannel.1drv.ms6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://wus2.contentsync.6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://login.windows.localnulld.5DOUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl.0.drfalse
                    		unknown
                    https://clients.config.office.net/user/v1.0/ios6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.addins.omex.office.net/api/addins/search6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://responsible-pm.comNachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml, ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drfalse
                      		unknown
                      https://outlook.office365.com/api/v1.0/me/Activities6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://eur03.safelinks.pro=Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlfalse
                        		unknown
                        https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fresponsible-pm.com%2F&data=05%7C02~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drfalse
                          		unknown
                          https://clients.config.office.net/user/v1.0/android/policies6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://entitlement.diagnostics.office.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://outlook.office.com/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                            		unknown
                            https://storage.live.com/clientlogs/uploadlocation6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                              		unknown
                              https://login.microsoftonline.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://substrate.office.com/search/api/v1/SearchHistory6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://clients.config.office.net/c2r/v1.0/InteractiveInstallation6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fredev40.com%2F&data=05%7C02%7Cmaik~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drfalse
                                		unknown
                                https://service.powerapps.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://graph.windows.net/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://devnull.onenote.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://messaging.office.com/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://login.windows.localft.ROUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl.0.drfalse
                                  		unknown
                                  https://skyapi.live.net/Activity/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://esgpractices.com/Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlfalse
                                    		unknown
                                    https://api.cortana.ai6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                      		unknown
                                      https://messaging.action.office.com/setcampaignaction6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://visio.uservoice.com/forums/368202-visio-on-devices6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://eur03.safe=Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlfalse
                                        		unknown
                                        https://staging.cortana.ai6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://vucahr.comNachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml, ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drfalse
                                          		unknown
                                          https://onedrive.live.com/embed?6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                            		unknown
                                            https://augloop.office.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://api.diagnosticssdf.office.com/v2/file6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://officepyservice.office.net/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://api.diagnostics.office.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://store.office.de/addinstemplate6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://eur03.safelinks.protection.outlook.com/?url=3Dhttps%3=Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlfalse
                                              		unknown
                                              https://wus2.pagecontentsync.6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://api.powerbi.com/v1.0/myorg/datasets6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://cortana.ai/api6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://redev40.comNachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml, ~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp.0.drfalse
                                                		unknown
                                                https://outlook.office.=Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.emlfalse
                                                  		unknown
                                                  https://api.diagnosticssdf.office.com6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://login.microsoftonline.com/6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://api.addins.omex.office.net/appinfo/query6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://clients.config.office.net/user/v1.0/tenantassociationkey6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://powerlift.acompli.net6E6A9B7A-C1C6-4486-B906-C10B4351A484.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown

                                                  World Map of Contacted IPs

                                                  No contacted IP infos

                                                  General Information

                                                  Joe Sandbox version:41.0.0 Charoite
                                                  Analysis ID:1541174
                                                  Start date and time:2024-10-24 14:37:34 +02:00
                                                  Joe Sandbox product:CloudBasic
                                                  Overall analysis duration:0h 4m 43s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                  Number of analysed new started processes analysed:9
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • EGA enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Sample name:Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml
                                                  renamed because original name is a hash value
                                                  Original Sample Name:Nachhaltigkeit im Product Management das ultimative Webinar am 12. Dezember.eml
                                                  Detection:CLEAN
                                                  Classification:clean1.winEML@3/18@0/0
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .eml

                                                  Warnings

                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                  • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.109.28.47, 52.113.194.132, 2.19.126.151, 2.19.126.160, 13.89.179.9
                                                  • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprdcus09.centralus.cloudapp.azure.com, login.live.com, officeclient.microsoft.com, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                  • VT rate limit hit for: Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml

                                                  Simulations

                                                  Behavior and APIs

                                                  No simulations

                                                  LLM Input / Output

                                                  InputOutput
                                                  URL: Model: claude-3-5-sonnet-20240620
                                                  {
  "explanation": [
    "The email is from a legitimate business domain (cintona.net) and contains detailed information about a professional webinar",
    "The content is consistent with a genuine event invitation, including speaker details and related events",
    "The email includes professional contact information and an unsubscribe link, which are typical for legitimate marketing emails"
  ],
  "phishing": false,
  "confidence": 9
}
                                                  Is this email content a phishing attempt? Please respond only in valid JSON format:
    Email content converted to JSON:
{
    "date": "Thu, 24 Oct 2024 00:50:13 +0000", 
    "subject": "Nachhaltigkeit im Product Management  das ultimative Webinar am 12. Dezember", 
    "communications": [
        "U ontvangt niet vaak e-mail van sven.hardt@cintona.net. Ontdek waarom dit belangrijk is<https://aka.ms/LearnAboutSenderIdentification>\n\nHallo Bral,\n\nam 12. Dezember begrssen wir Sie/Euch wieder beim ganztgigen Online-Strategietag Green Product Management, bereits eine kleine Tradition in der Adventszeit. Neu haben wir Fragerunden mit den Referenten in virtuellen Breakout-Rumen whrend der Kaffeepausen fr alle, die ein Thema noch ein wenig vertiefen mchten.\n\nMchtige Markttrends, komplexer werdende Compliance-Anforderungen und betriebliche Prozesse  alles im Programm vertreten  machen Nachhaltigkeit zum Mega-Thema fr Product Manager.\n\nWir haben ein sehr praxisrelevantes Programm mit hoher Qualitt zusammengestellt:\n\n  *   Ecodesign in der OEM Smartphone-Entwicklung,\n     *   Steffen Wasmus, Senior Lifecycle Manager, Deutsche Telekom\n  *   Sustainability by Product Design in the Pharma Industry\n     *   Ester Lovsin Barle, Global Head Product Sustainability and Stewardship, Takeda\n  *   Ecodesign am Beispiel Batterien  wirklich grn von Beginn an?\n     *   Martin Rothbart, Senior Product Manager  Energie und Nachhaltigkeit, AVL\n  *   Produktisierung von grner Software: ESG Reports fr KMU\n     *   Luzi Rageth, COO, esg2go\n  *   Verhaltensnderung Richtung Nachhaltigkeit durch Produktdesign\n     *   Florian Czak, Senior Manager Strategy & Business Development, Phoenix Design\n  *   Push and Pull Factors in Green Product Management\n     *   Jahanzeb Tariq, Global Manager Product Sustainability and Circularity, Viessmann Climate Solutions\n  *   Sustainability Principles, Climate Policy and Governance for Private Sector Participants\n     *   Gabriel Thoumi, CEO, Responsible Alpha\n  *   ESG Toolkit fr Product Manager\n     *   Prof. Dr. Patrick Link, Professor in Product Innovation, Hochschule Luzern HSLU\n  *   Umwelt-Produktdaten als Faktor im B2B Vertrieb\n     *   Erfug Yuezer, Manager Environment & CSR, Mitsubishi HiTec Paper Europe GmbH\n  *   Kommunikation von Nachhaltigkeit  Ergebnisse einer grossen Studie\n     *   Dr. Helen Vogt, Studienleitung MAS Product Management, Zrcher Hochschule fr angewandte Wissenschaften ZHAW\n\nMehr Details zu den Vortrgen und Anmeldemglichkeiten finden Sie auf der Website: https://responsible-pm.com\n\nPlattform ist Webex. Ich wrde mich freuen, wenn Sie am 12.12. digital dabei wren. Alle Teilnehmer erhalten ein Zertifikat.\n\nHerzliche Grsse\n\nSven Hardt\n\nFounder/CEO Cintona Ltd. | sven.hardt@cintona.com<mailto:sven.hardt@cintona.com> | www.cintona.com <https://cintona.com/en/> | +41 78 334 26 66\n\nBook a Teams meeting with me<https://outlook.office.com/bookwithme/user/0254655661b444baac4cdd46ecc01589@cintona.com?anonymous&ep=plink>\n\nWeitere interessante Events im November:\n\n  *   HR Innovation Stratgey Day: https://vucahr.com\n  *   R&D 4.0 Strategy Day: https://redev40.com\n  *   ESG Symposium: https://esgpractices.com\n\nUnsubscribe<https://cinnamon.cintona.com/espo?entryPoint=unsubscribe&id=6719790a730dd5693>\n"
    ], 
    "from": "Sven Hardt <sven.hardt@cintona.net>", 
    "to": "maikel.bral@ferranti.be"
}
                                                  URL: Email Model: claude-3-haiku-20240307
                                                  ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Ontdek waarom dit belangrijk is",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "Hallo Bral,"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
                                                  URL: Email Model: claude-3-haiku-20240307
                                                  ```json
{
  "brands": [
    "Webex",
    "Cintona Ltd."
  ]
}

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  No context

                                                  Domains

                                                  No context

                                                  ASNs

                                                  No context

                                                  JA3 Fingerprints

                                                  No context

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):231348
                                                  Entropy (8bit):4.3903847902147
                                                  Encrypted:false
                                                  SSDEEP:1536:ZiYLLQgsvzXZrHV/GgsTTNcAz79ysQqt2Y0ovqoQq7rcm0FvPlBynFyRsrIdZ2n8:jsgs7EgQmiGu2QqoQyrt0FvK8ogGZ06S
                                                  MD5:CE77FC3374E9B68AA863FCA952922B48
                                                  SHA1:A2C53C05FDD16C62F3ECB3C386FDA713AF29207E
                                                  SHA-256:4EA5778713FB7E9CA9CF0BB1A281906BB974CCD876E0A84FA4DF6C3A4C27EC30
                                                  SHA-512:FFFAD8AFF8DAE5BFDC6A583524012BA4B430DD0553B1B458EFA9DDA2C2E6CBD0CF4084A73FCEFAB1CFB4AF2E7824D5749F4F690F515B13D048A02B771409EFA0
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:TH02...... ..ws..&......SM01X...,...0Fe..&..........IPM.Activity...........h...............h............H..h4.O......9...h............H..h\FRO ...1\Ap...hh...0.....O....h.iP...........h........_`Fk...h..iP@...I.tw...h....H...8.Kk...0....T...............d.........2h...............k.t............!h.............. h.B........O...#h....8.........$h........8....."h........p.....'h..g...........1h.iP<.........0h....4....Kk../h....h.....KkH..hH...p...4.O...-h ........O...+hJ.iP....(.O................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):322260
                                                  Entropy (8bit):4.000299760592446
                                                  Encrypted:false
                                                  SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                  MD5:CC90D669144261B198DEAD45AA266572
                                                  SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                  SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                  SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:ASCII text, with no line terminators
                                                  Category:modified
                                                  Size (bytes):10
                                                  Entropy (8bit):2.8464393446710154
                                                  Encrypted:false
                                                  SSDEEP:3:LMbVn:6V
                                                  MD5:268346A30FB8512761D4D31513647BBD
                                                  SHA1:0C1A69032A3F063155DB7317CF876CAEADB231D5
                                                  SHA-256:B7C2B6BF1468C7450F77384720B45712AD9E205ACBC3CBD0A62AA4224DD7643C
                                                  SHA-512:194100A64E89D6D52B2180251B1365D8966CCE5CF7F59E9FCD751CE558252E90523462ABC0F50B2847AF835C776FA63B5BE41A28C5E65E7DE7CE7DFE7C9B37A8
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:1729773540

                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6E6A9B7A-C1C6-4486-B906-C10B4351A484

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):178267
                                                  Entropy (8bit):5.290283556081255
                                                  Encrypted:false
                                                  SSDEEP:1536:ui2XfRAqFbH41gwEwLe7HW8QM/o/NMdcAZl1p5ihs7EXXDEAD2Odago:YCe7HW8QM/o/TXgk9o
                                                  MD5:1BDDD1285B7D3B97FB01ECFED4BC0F22
                                                  SHA1:67555A893D5A3E4978558FEEFD951EFDA7DDE8B7
                                                  SHA-256:F63E79167A77EA3D1149AE85A42F797DCC7D95E1B0E89D0A702AB73E69602FA7
                                                  SHA-512:D0C021C4F4547542469C113504042FA61F084194F51F15636054DE2B83D50C4FA01EB596DFDD7F08ED24BF74098A2B85409BE4C52D175080CEDAFBBDB73DE512
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-24T12:38:56">.. Build: 16.0.18209.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                  Category:dropped
                                                  Size (bytes):4096
                                                  Entropy (8bit):0.09216609452072291
                                                  Encrypted:false
                                                  SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                  MD5:F138A66469C10D5761C6CBB36F2163C3
                                                  SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                  SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                  SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:SQLite Rollback Journal
                                                  Category:dropped
                                                  Size (bytes):4616
                                                  Entropy (8bit):0.13700485453793962
                                                  Encrypted:false
                                                  SSDEEP:3:7FEG2l+j3/FllkpMRgSWbNFl/sl+ltlslVlllflljM:7+/lERg9bNFlEs1EP/A
                                                  MD5:F7B37FC8C813BD1CD03C2BB9ACAD4D49
                                                  SHA1:542D307EBE1F23DE9C5F419C31ECCB26BC5F6DBE
                                                  SHA-256:C36DA5426D306AB48AD1A9A91E40612B95290460C51E0078BD3AB7A7E55CD1E7
                                                  SHA-512:24BCD903871F9B0F8278A8D8D3528D73522C5F85D776FE9437D28C5A463AC34FE54CDB2C53D503D2881B64A5C256FE236236A7F8D18B7F49BAD27A6B81FA53C8
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:.... .c......i})....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):0.04470641479249482
                                                  Encrypted:false
                                                  SSDEEP:6:G4l2ebfh9HYAl2ebfhlllML9XXPH4l942U:l2ezX2erlS5A0
                                                  MD5:8353D8C48B5395F4E7803E0F87E95881
                                                  SHA1:B1DF95F1EBBF24C20533E6CC92767A6F0778A381
                                                  SHA-256:F4DDC8D1BA674C4DF1E89D1CC801C9A43ACD26C6DCE85C7362F71111615E791D
                                                  SHA-512:C2D67D464B9A4567B3AD1114492C4B6312CC1EF008DE1ABF49A5EA46F3D5F398B2A4D137893BBDF0A396D0D22649B858CEAD83804B89CA58A76AD64343841F94
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:..-........................[w...q........z.%.D..-........................[w...q........z.%.D........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                  Category:dropped
                                                  Size (bytes):45352
                                                  Entropy (8bit):0.39541067741106767
                                                  Encrypted:false
                                                  SSDEEP:24:KkTRQ3zRDbwRUll7DBtDi4kZERDYQwzqt8VtbDBtDi4kZERDiW:hTRQ1vKUll7DYMFwzO8VFDYM
                                                  MD5:F6570C7FCE8F4E7574F425061A76E8B6
                                                  SHA1:94FB0164998429562ED2F8156C47763166EF5C14
                                                  SHA-256:DB50759B83F531D3016E250386493794237D16E19B08E3E6F3BEFC0F0EBA1DAC
                                                  SHA-512:26A2CBCC2A7FF2C8F2273CA2294D1E0BA73958EC738D086E13F09F2E6E1A6A39939B319CCAAF7367A282D532ACA104AEA8DCD5C935EE68F6261EDB0A62903AA5
                                                  Malicious:false
                                                  Preview:7....-...........q......t.7.#H.........q.....x.x[JG..SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D4301769-5464-4E36-8F75-3CE187E5E3CC}.tmp

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):2560
                                                  Entropy (8bit):2.133870804683444
                                                  Encrypted:false
                                                  SSDEEP:12:igkXQwYIOBHlMPcheCgGMWY+LSnNKz+2KkM3M30:Z32PccCLMWYMg0zL9gg0
                                                  MD5:F0E44ADB7C35E2927F8530E8F0DA6948
                                                  SHA1:EB57A792C134BBA69585767F8AE5FD21F13FF070
                                                  SHA-256:175EB7D45ECC0FCA54431449C8697475F361F36AE62363B4D5141B9B58E9AEEE
                                                  SHA-512:94DDFF2521F86654FF27A6085E5C119C76370F33A9DD763FF967B55F879A2B73EC275167342451E61D39E468803F7BBEDC49BA00BD84CFDD8A91DD88D5EC73A0
                                                  Malicious:false
                                                  Preview:....1.2.....1.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.....1.....1.2.....1.2.....1.2.....1.2.....(.....(.....(.....(.....(...f.r.o.n.t.d.e.s.k...f..................................................................................................................................................................................................................................................................................................................................................................................... ..."...(...*...0...2...8...:...@...B...H...J...P...R...V...X...\...^...d...f...l...................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D6E075A4-CC99-4477-BBF1-5DDBBECFA3D4}.tmp

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):14808
                                                  Entropy (8bit):3.6630280702683256
                                                  Encrypted:false
                                                  SSDEEP:192:Ol1O43Rz/refsEcow4lJ8mRKhvGjm+sJAmkHmPBmu2ramnsjTm:y1B3RLrkXcdo2vM
                                                  MD5:D0A050BD7346CB749F3E4BD0FAC6BBC4
                                                  SHA1:02C035E1ADCA0E5BC23D6A002C866C68C3820362
                                                  SHA-256:FA2E8B67BE5B2E0CC904A676EE50A48283A16583D7929E68AEB92227D4628166
                                                  SHA-512:38C7A864E2B336EB1CDC9FCF57FED14F42F95D8A157CD157F9FE89E27E7902BAE869A01F7F4BC169BD0BE60B8CAB9B588D2D4C5724167E176A9712F5563A89D8
                                                  Malicious:false
                                                  Preview:......U. .o.n.t.v.a.n.g.t. .n.i.e.t. .v.a.a.k. .e.-.m.a.i.l. .v.a.n. .s.v.e.n...h.a.r.d.t.@.c.i.n.t.o.n.a...n.e.t... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".............................................................................................................................................................................................................................................................................................................................................r...........$...........N.......N.....................................................................................................................................................................................................................................................................................................&..F....d...d.[$.\$.....&..F....d...d.[$.\$.....*...$..$.If........!v..h.#v....:V.......t.....6......5.......4

                                                  C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729773531242834500_F9C04087-717C-4FCC-97A4-9304FBAB3F1C.log

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:ASCII text, with very long lines (859), with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):20971520
                                                  Entropy (8bit):0.006758227569884851
                                                  Encrypted:false
                                                  SSDEEP:192:/fHWqdHKTILUhhOjzbcs4Hk4sRP81RZAWB:/fPqTILU3Ojzbcsuk4SP81RuWB
                                                  MD5:73B897E0BCDE03284F4B8F9A8FBBDF9B
                                                  SHA1:FDCBFF0FEE155715FE4CCA1AFBDB1A08D5F8053D
                                                  SHA-256:816616BA478CD2D935AC3370A57CCA14324751B4A576FA8B153DBAA3950821B9
                                                  SHA-512:4DF27F6AB018AFCE9D36E51495EAB839B17FC8CB876F93AFFEB594C8CA2B5AC904BA354AC47A3D74F0259ECBA7DA72B6EC6D77AB4EBB948D70E59E0EE269003C
                                                  Malicious:false
                                                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/24/2024 12:38:51.446.OUTLOOK (0x1E60).0x1E64.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-10-24T12:38:51.446Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"DFC90B55-9CCB-48FF-8FB0-AF75D3052A70","Data.PreviousSessionInitTime":"2024-10-24T12:38:26.522Z","Data.PreviousSessionUninitTime":"2024-10-24T12:38:32.772Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/24/2024 12:38:51.493.OUTLOOK (0x1E60).0x1F8C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22

                                                  C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729773531244024900_F9C04087-717C-4FCC-97A4-9304FBAB3F1C.log

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):20971520
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                  Malicious:false
                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T0838500883-7776.etl

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):4.685807884224195
                                                  Encrypted:false
                                                  SSDEEP:768:6FdZxn2kPMlq994wjhP9R4G4YUOPbG6dCsqUIC4vjiYKk6mlIqlKK+YaW50he481:oX4ep9R4GznjsFRQWX+yjr
                                                  MD5:879BBB19FAAA3753CB937666E3436209
                                                  SHA1:0F2E30D75B251D28BE00ADC868A0A150BF5275B3
                                                  SHA-256:C4FBD8FFF0EF46A83AB431068BA915D88C4A60D07F207C08F98A84D4FFB3DB9A
                                                  SHA-512:9DB5B48E6C34A6695F6CCD23458AB6D15D23F29B06FCF4AC1912AAE384247030276B4D6C1716F3C64E5AF6D6F342560818A72A2B1B6F89A44BF5DF2F61E84E59
                                                  Malicious:false
                                                  Preview:............................................................................h...d...`........&..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1........................................................... *.V................&..........v.2._.O.U.T.L.O.O.K.:.1.e.6.0.:.4.3.e.d.8.4.a.3.b.0.b.5.4.9.d.9.9.0.c.9.4.6.f.c.f.e.c.f.c.0.4.7...C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.2.4.T.0.8.3.8.5.0.0.8.8.3.-.7.7.7.6...e.t.l.......P.P.d...`........&..................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\mso404B.tmp

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:GIF image data, version 89a, 15 x 15
                                                  Category:dropped
                                                  Size (bytes):663
                                                  Entropy (8bit):5.949125862393289
                                                  Encrypted:false
                                                  SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                                  MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                  SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                  SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                  SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                  Malicious:false
                                                  Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):30
                                                  Entropy (8bit):1.2389205950315936
                                                  Encrypted:false
                                                  SSDEEP:3:3ahllX:qh/
                                                  MD5:B7FAE912DF838B3EA3675D89466D5DFD
                                                  SHA1:D1404BBD1AE4AFCDB3E35B89783103161CC91D70
                                                  SHA-256:01E9296309C40F8ECEF5A4825EC9C845F86E3ED3850F14227A9A61BA610D8322
                                                  SHA-512:19C74EA8EE861CE8F36CCBE71860018799766248F10402422EA28A532EE2C5CCD28CF39C7E156272ECDC8467CB4098B9DF8511AE75E078F2865CAD8434E31BDC
                                                  Malicious:false
                                                  Preview:.....?........................

                                                  C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):16384
                                                  Entropy (8bit):0.6690021850081531
                                                  Encrypted:false
                                                  SSDEEP:12:rl3baFXbm/EqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCIl:r9/Xmnq1Py961U
                                                  MD5:638DA715AB73B32E366D377A4D0B3451
                                                  SHA1:72313B9573EA64C6B2192E8FD07B9DA58C1E20FF
                                                  SHA-256:C440E94FD662C99725C778551E989D806AD01868B3B4FDC3F96D9CBA48E46DC4
                                                  SHA-512:1B75851BF24FDE68E4377642062347BAA526430D0519EDB9E05D99E85592FB8CFA80EA0816051FF866D63BACB392BDDFCF4D14A30B0DCA3A090359BA185CB721
                                                  Malicious:false
                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:Microsoft Outlook email folder (>=2003)
                                                  Category:dropped
                                                  Size (bytes):271360
                                                  Entropy (8bit):3.2037976158603128
                                                  Encrypted:false
                                                  SSDEEP:6144:lHCEkNCEkrCEkaCEk/CEkUCEk2cCEk71:RCEkNCEkrCEkaCEk/CEkUCEk2cCEk
                                                  MD5:A8A034D34997AD757567AFA518F64BE0
                                                  SHA1:15C21C3EA5C5C62FFABE0BA529C6C257AFD98028
                                                  SHA-256:C3AAAE405851BF30457DCABA86FA1870617B2CF1F335A54559B5306C8B640344
                                                  SHA-512:BFE0F4B11CCBD83726B47B25E9FF054BE70085E6347988615FF31F277B06744A016393EEA383D3FEE58732DF2BC543D9193CBCA90259C13705BD11A6831F9E22
                                                  Malicious:false
                                                  Preview:!BDN...zSM......\....6..@M......G.......`................@...........@...@...................................@...........................................................................$.......D......@...............C...............F...........................................................................................................................................................................................................................................................................................$.......?sv.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                  Download File
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):4.182664303628554
                                                  Encrypted:false
                                                  SSDEEP:3072:0iCEkNCEkrCEkaCEk/CEkECEk2cCEkuYDaftIzpjBa:hCEkNCEkrCEkaCEk/CEkECEk2cCEk1r
                                                  MD5:B341C5F556435F8F5A7059837126433B
                                                  SHA1:C9C9BAD708AEA949AB11015FDA2979DE9BA0003D
                                                  SHA-256:9C7178652C840864FEABDEE1CD3532DCCF8DB2563F7AFA941D80CAE76064C685
                                                  SHA-512:FA33805AA65A9236E30C378B7A4210200E4374CD44F6AE87C0AC2C1FE5B5F7F9051C205BDA9E31205743255B49BEFD81EB48C2F994A1DC48AA2D6EBB37CBE845
                                                  Malicious:false
                                                  Preview:...S0...k.......`.......&.......D............#.............................................................................................................................................................................................................?............................................................................................................................................................................................................................................................................................................D.......[..0...l.......`.......&.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                                  Static File Info

                                                  General

                                                  File type:RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                  Entropy (8bit):5.674018712281621
                                                  TrID:
                                                  • Text - UTF-8 encoded (3003/1) 100.00%
                                                  File name:Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml
                                                  File size:34'286 bytes
                                                  MD5:b33cd6b6c9e0e153c82aa81f58feee72
                                                  SHA1:b6c108ac91abaaec5a95bfbd201c3d0073e3759c
                                                  SHA256:b0524f0f8f63072307dbc616aae4b014bdbeb1b01d942fba46c2039293c46bdd
                                                  SHA512:1b32244b5d73fa6cab58a8c89c4e1c2e7bcbbfbb331e7bf2e2eb1bc5e5aa02a601e620f3244dbfef7f02534dac4325458c8a3c31ec87269a054c6d0756548be1
                                                  SSDEEP:768:UXbnkjdXonMiETobE8z61To/BSOKJSHotQ5VgVdVK9Zl:5d4nMiPpz61To/EOKqPqVa
                                                  TLSH:DEF21A47F3D428508AAB19246683BB7DBF3988DA4F72097064DE6B3D1B0DCD39AC4589
                                                  File Content Preview:...Received: from AM9PR03MB7833.eurprd03.prod.outlook.com (::1) by.. DU0PR03MB8786.eurprd03.prod.outlook.com with HTTPS; Thu, 24 Oct 2024 04:29:45.. +0000..Received: from DB8PR06CA0018.eurprd06.prod.outlook.com (2603:10a6:10:100::31).. by AM9PR03MB7833.eu

                                                  Static Mail

                                                  General

                                                  Subject:Nachhaltigkeit im Product Management das ultimative Webinar am 12. Dezember
                                                  From:Sven Hardt <sven.hardt@cintona.net>
                                                  To:maikel.bral@ferranti.be
                                                  Cc:
                                                  BCC:
                                                  Date:Thu, 24 Oct 2024 00:50:13 +0000
                                                  Communications:
                                                  • U ontvangt niet vaak e-mail van sven.hardt@cintona.net. Ontdek waarom dit belangrijk is<https://aka.ms/LearnAboutSenderIdentification> Hallo Bral, am 12. Dezember begrssen wir Sie/Euch wieder beim ganztgigen Online-Strategietag Green Product Management, bereits eine kleine Tradition in der Adventszeit. Neu haben wir Fragerunden mit den Referenten in virtuellen Breakout-Rumen whrend der Kaffeepausen fr alle, die ein Thema noch ein wenig vertiefen mchten. Mchtige Markttrends, komplexer werdende Compliance-Anforderungen und betriebliche Prozesse alles im Programm vertreten machen Nachhaltigkeit zum Mega-Thema fr Product Manager. Wir haben ein sehr praxisrelevantes Programm mit hoher Qualitt zusammengestellt: * Ecodesign in der OEM Smartphone-Entwicklung, * Steffen Wasmus, Senior Lifecycle Manager, Deutsche Telekom * Sustainability by Product Design in the Pharma Industry * Ester Lovsin Barle, Global Head Product Sustainability and Stewardship, Takeda * Ecodesign am Beispiel Batterien wirklich grn von Beginn an? * Martin Rothbart, Senior Product Manager Energie und Nachhaltigkeit, AVL * Produktisierung von grner Software: ESG Reports fr KMU * Luzi Rageth, COO, esg2go * Verhaltensnderung Richtung Nachhaltigkeit durch Produktdesign * Florian Czak, Senior Manager Strategy & Business Development, Phoenix Design * Push and Pull Factors in Green Product Management * Jahanzeb Tariq, Global Manager Product Sustainability and Circularity, Viessmann Climate Solutions * Sustainability Principles, Climate Policy and Governance for Private Sector Participants * Gabriel Thoumi, CEO, Responsible Alpha * ESG Toolkit fr Product Manager * Prof. Dr. Patrick Link, Professor in Product Innovation, Hochschule Luzern HSLU * Umwelt-Produktdaten als Faktor im B2B Vertrieb * Erfug Yuezer, Manager Environment & CSR, Mitsubishi HiTec Paper Europe GmbH * Kommunikation von Nachhaltigkeit Ergebnisse einer grossen Studie * Dr. Helen Vogt, Studienleitung MAS Product Management, Zrcher Hochschule fr angewandte Wissenschaften ZHAW Mehr Details zu den Vortrgen und Anmeldemglichkeiten finden Sie auf der Website: https://responsible-pm.com Plattform ist Webex. Ich wrde mich freuen, wenn Sie am 12.12. digital dabei wren. Alle Teilnehmer erhalten ein Zertifikat. Herzliche Grsse Sven Hardt Founder/CEO Cintona Ltd. | sven.hardt@cintona.com<mailto:sven.hardt@cintona.com> | www.cintona.com <https://cintona.com/en/> | +41 78 334 26 66 Book a Teams meeting with me<https://outlook.office.com/bookwithme/user/0254655661b444baac4cdd46ecc01589@cintona.com?anonymous&ep=plink> Weitere interessante Events im November: * HR Innovation Stratgey Day: https://vucahr.com * R&D 4.0 Strategy Day: https://redev40.com * ESG Symposium: https://esgpractices.com Unsubscribe<https://cinnamon.cintona.com/espo?entryPoint=unsubscribe&id=6719790a730dd5693>
                                                  Attachments:

                                                    Headers

                                                    Key Value
                                                    Receivedfrom salt.cintona.com (static.45.55.109.65.clients.your-server.de [65.109.55.45]) (Authenticated sender: sven.hardt@cintona.net) by mailserver.cintona.net (Postfix) with ESMTPA id 543FC4701B for <maikel.bral@ferranti.be>; Thu, 24 Oct 2024 00:50:13 +0000 (UTC)
                                                    Authentication-Resultsspf=pass (sender IP is 65.108.250.128) smtp.mailfrom=cintona.net; dkim=pass (signature was verified) header.d=cintona.net;dmarc=pass action=none header.from=cintona.net;compauth=pass reason=100
                                                    Received-SPFPass (protection.outlook.com: domain of cintona.net designates 65.108.250.128 as permitted sender) receiver=protection.outlook.com; client-ip=65.108.250.128; helo=mailserver.cintona.net; pr=C
                                                    DKIM-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=cintona.net; s=default; t=1729731013; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:list-unsubscribe:list-unsubscribe-post; bh=SzweY/KO7YzOp6syyDtdSMsarhWhvH4YWjmS4UCWYy8=; b=GaJKqsBn/LaRqJ8FkDeYgyoSyghnOH9AyLvYtnmQpNzIGcq8WFTysfWPD8NzgtvTVuFsWy LvXGbEBZPUGtVAErYZjZUllFxy187+yh0LFPgwMgi4f5QCbyqfjXt+EVPIFH6j1buEBzec pOyW+WyzpXmPCC1J6QeEculT1E8N5bHh2qraCqMuSSllwingKaEPDtnb8fbRRA3WlhCqUe uVWuQRpCx3QDFgP4py1R0BCrnQUhBZoyMtUjcjrFpgFJUYMwTFajlmm4XDa2WlnoVFB2PE Bi47N9+Gpg4hx3BzicFRrOfGespLwRPteSNtYALG2D1+p9xmmbm5IJCKtZI1Bw==
                                                    Authentication-Results-Originalmailserver.cintona.net; auth=pass smtp.auth=sven.hardt@cintona.net smtp.mailfrom=sven.hardt+bounce-qid-6719790a730dd5693@cintona.net
                                                    DateThu, 24 Oct 2024 00:50:13 +0000
                                                    X-Queue-Item-Id6719790a730dd5693
                                                    Precedencebulk
                                                    List-Unsubscribe-PostList-Unsubscribe=One-Click
                                                    List-Unsubscribe<https://cinnamon.cintona.com/espo/api/v1/Campaign/unsubscribe/6719790a730dd5693>
                                                    FromSven Hardt <sven.hardt@cintona.net>
                                                    Sendersven.hardt@cintona.net
                                                    Tomaikel.bral@ferranti.be
                                                    Reply-Tosven.hardt@cintona.net
                                                    SubjectNachhaltigkeit im Product Management das ultimative Webinar am 12. Dezember
                                                    Content-Typemultipart/alternative; boundary="=_547d7ac4fce922127477badeb10b8bcc"
                                                    Message-ID<5adb142f41418447ec893077e717d12f/1729731013/4035@espo>
                                                    Return-Pathsven.hardt+bounce-qid-6719790a730dd5693@cintona.net
                                                    X-MS-Exchange-Organization-ExpirationStartTime24 Oct 2024 04:29:40.8303 (UTC)
                                                    X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                                                    X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                                                    X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                                                    X-MS-Exchange-Organization-Network-Message-Id 9b541db1-f83a-4fa1-45df-08dcf3e47a37
                                                    X-EOPAttributedMessage0
                                                    X-EOPTenantAttributedMessagea37fb080-fbc2-4a78-a28d-fd191af9240a:0
                                                    X-MS-Exchange-Organization-MessageDirectionalityIncoming
                                                    X-MS-PublicTrafficTypeEmail
                                                    X-MS-TrafficTypeDiagnostic DB3PEPF00008860:EE_|AM9PR03MB7833:EE_|DU0PR03MB8786:EE_
                                                    X-MS-Exchange-Organization-AuthSource DB3PEPF00008860.eurprd02.prod.outlook.com
                                                    X-MS-Exchange-Organization-AuthAsAnonymous
                                                    X-MS-Office365-Filtering-Correlation-Id9b541db1-f83a-4fa1-45df-08dcf3e47a37
                                                    X-MS-Exchange-AtpMessagePropertiesSA|SL
                                                    X-MS-Exchange-Organization-SCL6
                                                    X-Forefront-Antispam-Report CIP:65.108.250.128;CTRY:FI;LANG:de;SCL:6;SRV:;IPV:NLI;SFV:BLK;H:mailserver.cintona.net;PTR:static.128.250.108.65.clients.your-server.de;CAT:SPM;SFTY:9.25;SFS:(13230040)(3092899012)(3072899012)(4022899009)(41022699024)(13102899012)(12012899012)(2092899012)(5062899012)(8096899003);DIR:INB;SFTY:9.25;
                                                    X-Microsoft-Antispam BCL:5;ARA:13230040|3092899012|3072899012|4022899009|41022699024|13102899012|12012899012|2092899012|5062899012|8096899003;
                                                    X-MS-Exchange-CrossTenant-OriginalArrivalTime24 Oct 2024 04:29:40.7053 (UTC)
                                                    X-MS-Exchange-CrossTenant-Network-Message-Id9b541db1-f83a-4fa1-45df-08dcf3e47a37
                                                    X-MS-Exchange-CrossTenant-Ida37fb080-fbc2-4a78-a28d-fd191af9240a
                                                    X-MS-Exchange-CrossTenant-AuthSource DB3PEPF00008860.eurprd02.prod.outlook.com
                                                    X-MS-Exchange-CrossTenant-AuthAsAnonymous
                                                    X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
                                                    X-MS-Exchange-Transport-CrossTenantHeadersStampedAM9PR03MB7833
                                                    X-MS-Exchange-Transport-EndToEndLatency00:00:04.4903653
                                                    X-MS-Exchange-Processed-By-BccFoldering15.20.8069.009
                                                    X-Microsoft-Antispam-Mailbox-Delivery kl:1;ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910001)(944506478)(944626604)(920097)(826154)(255002)(930097)(3100021)(140003)(1420198);RF:JunkEmail;
                                                    X-Microsoft-Antispam-Message-Info UDlGohTBVmFvL6cNlPmNG8j1ZIS0pWJiLuwIKZ9PZbx64oaXPNJHGUErlA0+kEQPGyXlmIwbm8fp5DPshOjoWSc8byI478Qm+20MJzqYqa2hL3RWY2+QgQaDug3aaQ3SXyFkVG1QAP3IpfvnsboyvNcuX/0Hxtf4UZH+Z2bfXAW2RJGmehTG8GiwQudtYDP09JLZMnlvuWMo9H7nPq/G6fwnbxc6exE/VRrjiuDjEYmgD5w7Sa3Au6Gv/yqqPvc8C8gQRMPZImXOFZvUcihfjeq6Hdi5IpI0lDelz3XBCoc4XQYFqdFWQZqzTRVYgIu0PgTNQAVbsP5zdvVAvlBGfNOK0eRBXLr5axn660XjI0Ca8MnMZsiaYiDTOV/5bUNTZYru7GLGTG1oWGUlefjQS7rhCrSgHtPLkeIwWk2ut6p1bxG0Ol4627LU7oiibk/VLiU7j1lWu3/ZMZFxZRHvkhwX6ovhkLIeVMM0M5tIRBHUZ8ysLYZhDbr+zWrSoG0lGhgV6ZMUeYtA/AfqUJsrOG2grpfPGjV3TDvXY8NwncI6ogoptS4+p+nKFHlKHQ6V2BsW8B80hrj+PWW+MzHpPmY5iaI1J4FZmxTl+NUHsfkRmrlmLkw06vih/5ApEEtsKgDKiMXK4pLSvY7FldAbl7+LhD+72zaJ1OEMyx1m0xbszkm4kBYYu0KneXbwb7b6yosOtaH/JHkX+xZf1bMEu+sc7raeeB0q5dEmzNfW/5mmIYFKC0XyyJ3O6Ods0xywZOnmV/xxMLgbop64CFFEYmASd87DhSLAc+wlTB1rtVGrji1u3DhgxH5PeV85S/cdn6TuQCyoNZer6mPmLaAx/wEtY4vcNF32QmkRvGH6mqFHAGOom7KGBN8iRSkSEfnCInDwHrx+XVNu2WnfWjRVciG6sWRkZX8G8d/ReJvwT1vDbJ1SMEEPjt4gXZhWS6RqG2mMon21jjIEFYinSpvdJcBsAKpCe8q4Y0ngo+9XBaE6cNMoAgzHaUrcAoNIzJwhekU1L1319BY/gy3nAqR7J+eI321omWe8aMsbhSoN48ljQB5H/jXkZw2/dXIB7E0miBE+BKx3vyH/vwHq7f9k8UV9b/0XLs4ZymZdYtaNuGux/hyuTn9994R9sw/0kAo1tD1ADjdMAsmFWiSWeSsxLTvDA4fA7ntKNhbGWFLMP8eWo8HkNL2zX0C1vVsk106mGLXKgVMOIPEe2DZAFBjmowUEvL69if47leBWHY+6ufo9B2zafuyApav5XlDSZwW3AXzmKfyAIgxEAqEQ3J9wCIJcxsz4Fx/gH2OVaR+fepRvBLVtgsvqApQFqmvu54qGirwOYYtVffFngVW72ZtVAOcu8D5S/denCPs6lcq43/8+C9yp9TxXw/O4lQvez8kr8pjlf4Dm6BKb2+DrPr92Hn3bZ0NTCcBcB1Xz1k+ySYQUaPfr9RFtYgEKBsddSDSmbBsLBKnJvV/OzNScSqocqfovUF7TDCkxAIdG+z++8Vh0DkA0et1onXRPs45/OLRdoo+SMPLGSwquJb4moiG2VbdLKW8GwB3IaU1E2kJ0aXTnpE1pTV2XW9o9PTUTC8ECfEGT4eRnT5OcbHW0qA78AnrVkGrKYcNWxq0xz0Gt1huxj7zt2k7EECSg38ZyY5aKM6gn3KsWT3Cvo7x0ys+rY7iYUcUtGgIVCREsIL4n/rrzJOxmqtZZzEhjjts+8a04xrc6gLw7T4dPrRw+ZjS9RKN/OdpcsEQRL9fD3tlu6mWnuXqcOY6oL238AOKt7YDBC1q3LUewj4o6Y/3KuQMKXqOPZ3wrYzMku+F6smehX103OIfKBcWJ3QAc3qZUwsCQgvR4ofi5x+hPvrpLOfcOazsVHaiPk6ccD0jdZY+KUjnI2uCcm2z4CcZQLsT5ID6heYCvNFdY6/vSQS+lYcU5cYP3papvStthbn8mdyz0Gb4K+Ohcvxfsxab0aPV7lcIYb0i30nNvdO5eusi35O2HNZT7G2mJhgGwa+k5gaN88hhnoIKtfSDiu+j8UcQXu1Qz0joQXTInuxwlU1pqkSvw9tKk8wTRQpymwy0OxcuPKsU0l0PQbFz3yvSqmcMuJiVdsKTUtwNI97Uuh9WB5au3TVKQxHHXzCzgwHZaW+yae2QNYnvWxHk+NTPEfocRJWpefVB8AmgoPDTYY49NRe8NldhJpjqIcMUZn19A+UxZcGITfn55zA8muar8nETYGAN7v95nIMtD+/RsiE0nlmvp9DlLgQKfaZTHZzfHrgGRk1GXl8dZMUR6vAuEVSkrz6lN9MWCvEp6TbsYTir0ByaGYNGKCDHt1U6MqjSHNpNlIG8jNUzO73kWmryEEElwWWI7+scgGxjbI0vQgRkQU2R4NQD1bysYnE2eY2qeSnbhoxXT2KfdczAthhaV1exZ/FjrNGM0YdIsQQqj7J/dtMhjHmQFa43AJeN1Zg1DIXhU2TAeYOfNxgtkuBwUepRIdIDLGpWPjmh9afi0YwZwuUWa+A5pQCvu5tY3DZR5Q0J/wpUsoYUALWZt20Wq9+y4l2PileVRkb77ztvwiWwCBXF8YBd5fEbE4BVGubnW9l6Ry1emW7VY679JeMbr2nBvqY91wEtdV03FcVp3hp05o/sWwsOiE2TtB8HOFWq80hFfLD1pcprUu4tmp4cXbWdv3HF7ltmnJMYje1Io0cIyq6wjU532ldlalPeIX00cSCOSk8oBdFbJJdByaKVtur9l0Cy2U9GM5CapQRaRtn85WG5xDEvrRtyUJSLLRQ2sPjQokcKdcIOL82XtvzmfOJ8Qf1R/
                                                    MIME-Version1.0

                                                    File Icon

                                                    Icon Hash:46070c0a8e0c67d6

                                                    Network Behavior

                                                    No network behavior found

                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:08:38:46
                                                    Start date:24/10/2024
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Nachhaltigkeit im Product Management #U2013 das ultimative Webinar am 12. Dezember.eml"
                                                    Imagebase:0x70000
                                                    File size:34'446'744 bytes
                                                    MD5 hash:91A5292942864110ED734005B7E005C0
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:4
                                                    Start time:08:38:54
                                                    Start date:24/10/2024
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DD1B22A-18BB-4EE7-B00E-D3BA96C78A5E" "8875C122-3402-41A4-AC96-BA3E9A8D83BE" "7776" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                    Imagebase:0x7ff661ca0000
                                                    File size:710'048 bytes
                                                    MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    Disassembly

                                                    No disassembly