Windows Analysis Report
QN1BkRVd.eml

Overview

General Information

Sample name: QN1BkRVd.eml
(renamed because original name is a hash value)
Original sample name: abx_CloudMessage_WzQ5MzAsICJmZmNiMGY0Ni1lOGM2LTQ3YWQtYmNkYS05ZDAyZWJiY2NiN2JAMzU4YjgwYjMtYjc5Mi00NzBiLWExYzQtYzUyNDc2NDNjMWI2IiwgIkFBa0FMZ0FBQUFBQUhZUURFYXBtRWMyYnlBQ3FBQy1FV2cwQTFBLTZuM0tQLTB1dVBQN1BkRVd.eml
Analysis ID: 1541357
MD5: 6b67ccdb76a2c077aff8b7966a60cfa2
SHA1: d998f63f16239bfa0a4b5be4c4ea7f50566961ba
SHA256: 26625f667ad5bfbab54b29df242b355e78697f99837e35a5f5aebd85a6d10a1f

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
Suspicious MSG / EML detected (based on various text indicators)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7464 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\QN1BkRVd.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7884 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E1DA0EB5-DA53-4036-A017-15BFBCC4052E" "F94441E8-48C4-4C37-B624-70C2AE54B301" "7464" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7464, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: MSG / EML, OCR Text: [Caution: External] @docusign Ville de Montral (Jen) Services d'approvisionnement sent you a document to review and sign. REVIEW DOCUMENT Pictur Ville de Montral - (Jen) Services d'approvisionnement of jen@jenntecllc.com Calgary Construction Association 2725 12th Street NE Calgary, AB T2E 7J2
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://powerlift-user.acompli.net
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://powerlift.acompli.net
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: QN1BkRVd.emlString found in binary or memory: https://protect.docusign.net/report-abus=
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://pushchannel.1drv.ms
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://res.cdn.office.net
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://service.powerapps.com
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://settings.outlook.com
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://staging.cortana.ai
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://substrate.office.com
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: QN1BkRVd.emlString found in binary or memory: https://support.docu=
Source: QN1BkRVd.emlString found in binary or memory: https://support.docusig=
Source: QN1BkRVd.emlString found in binary or memory: https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-S=
Source: QN1BkRVd.emlString found in binary or memory: https://support.docusign=
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://tasks.office.com
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://webshell.suite.office.com
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://wus2.contentsync.
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: QN1BkRVd.emlString found in binary or memory: https://www.docusign.com/features-and-benefits/mobile?utm_campaign=
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: EEF05436-BD11-4CB9-A703-18A1261585AE.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine; Classification label: mal48.phis.winEML@3/17@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T1216000457-7464.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\QN1BkRVd.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E1DA0EB5-DA53-4036-A017-15BFBCC4052E" "F94441E8-48C4-4C37-B624-70C2AE54B301" "7464" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

Source: Email; LLM: Page contains button: 'REVIEW DOCUMENT' Source: 'Email'
Source: Email; LLM: Email contains prominent button: 'review document'
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.18 | true | false | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
                      unknown
                      https://api.powerbi.com/v1.0/myorg/groupsEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://web.microsoftstream.com/video/EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://api.addins.store.officeppe.com/addinstemplateEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://graph.windows.netEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://consent.config.office.com/consentcheckin/v1.0/consentsEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://d.docs.live.netEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                        unknown
                        https://safelinks.protection.outlook.com/api/GetPolicyEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://docucdn-a.akamaihd.net/oli=QN1BkRVd.emlfalse
                          unknown
                          https://ncus.contentsync.EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                          • URL Reputation: safe
                          unknown
                          https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                          • URL Reputation: safe
                          unknown
                          http://weather.service.msn.com/data.aspxEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                          • URL Reputation: safe
                          unknown
                          https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fna2.docusign.net%2FSigning%2FEmail~WRS{5DD6681A-C784-44F9-949F-62425615092C}.tmp.0.drtrue
                            unknown
                            https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                            • URL Reputation: safe
                            unknown
                            https://www.docusign.com/features-and-benefits/mobile?utm_campaign=QN1BkRVd.emlfalse
                              unknown
                              https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                              • URL Reputation: safe
                              unknown
                              https://na2.docusign.net/member/=QN1BkRVd.emlfalse
                                unknown
                                https://mss.office.comEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                • URL Reputation: safe
                                unknown
                                https://pushchannel.1drv.msEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                • URL Reputation: safe
                                unknown
                                https://wus2.contentsync.EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                • URL Reputation: safe
                                unknown
                                https://clients.config.office.net/user/v1.0/iosEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                • URL Reputation: safe
                                unknown
                                https://api.addins.omex.office.net/api/addins/searchEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                • URL Reputation: safe
                                unknown
                                https://support.docusig=QN1BkRVd.emlfalse
                                  unknown
                                  https://outlook.office365.com/api/v1.0/me/ActivitiesEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://clients.config.office.net/user/v1.0/android/policiesEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://entitlement.diagnostics.office.comEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://outlook.office.com/EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                    unknown
                                    https://storage.live.com/clientlogs/uploadlocationEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                      unknown
                                      https://login.microsoftonline.comEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://substrate.office.com/search/api/v1/SearchHistoryEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://clients.config.office.net/c2r/v1.0/InteractiveInstallationEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://service.powerapps.comEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://na2.docusign.net/Member/image.a=QN1BkRVd.emlfalse
                                        unknown
                                        https://graph.windows.net/EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://devnull.onenote.comEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://messaging.office.com/EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://skyapi.live.net/Activity/EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://support.docu=QN1BkRVd.emlfalse
                                          unknown
                                          https://api.cortana.aiEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                            unknown
                                            https://nam11.sa=QN1BkRVd.emlfalse
                                              unknown
                                              https://messaging.action.office.com/setcampaignactionEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://visio.uservoice.com/forums/368202-visio-on-devicesEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://staging.cortana.aiEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://onedrive.live.com/embed?EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                unknown
                                                https://augloop.office.comEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                • URL Reputation: safe
                                                unknown
                                                https://docucdn-a.akamai=QN1BkRVd.emlfalse
                                                  unknown
                                                  https://nam11.safelinks.protection.ou=QN1BkRVd.emlfalse
                                                    unknown
                                                    https://api.diagnosticssdf.office.com/v2/fileEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectoryEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://officepyservice.office.net/EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://api.diagnostics.office.comEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://schema.org/Vi=QN1BkRVd.emlfalse
                                                      unknown
                                                      https://store.office.de/addinstemplateEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://wus2.pagecontentsync.EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://api.powerbi.com/v1.0/myorg/datasetsEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://cortana.ai/apiEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://nam11.safelinks.protection.outlook.com/?url=QN1BkRVd.emlfalse
                                                        unknown
                                                        https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png~WRS{5DD6681A-C784-44F9-949F-62425615092C}.tmp.0.drfalse
                                                          unknown
                                                          https://api.diagnosticssdf.office.comEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://login.microsoftonline.com/EEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://na2.docusign.net/Signing/EmailStart.aspx?a=3Dc6104538-ac3b-4407-b=QN1BkRVd.emltrue
                                                            unknown
                                                            https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorizeEEF05436-BD11-4CB9-A703-18A1261585AE.0.drfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            No contacted IP infos
                                                            Joe Sandbox version:41.0.0 Charoite
                                                            Analysis ID:1541357
                                                            Start date and time:2024-10-24 18:14:42 +02:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 4m 47s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:10
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:QN1BkRVd.eml
                                                            renamed because original name is a hash value
                                                            Original Sample Name:abx_CloudMessage_WzQ5MzAsICJmZmNiMGY0Ni1lOGM2LTQ3YWQtYmNkYS05ZDAyZWJiY2NiN2JAMzU4YjgwYjMtYjc5Mi00NzBiLWExYzQtYzUyNDc2NDNjMWI2IiwgIkFBa0FMZ0FBQUFBQUhZUURFYXBtRWMyYnlBQ3FBQy1FV2cwQTFBLTZuM0tQLTB1dVBQN1BkRVd.eml
                                                            Detection:MAL
                                                            Classification:mal48.phis.winEML@3/17@0/0
                                                            EGA Information:Failed
                                                            HCA Information:
                                                            • Successful, ratio: 100%
                                                            • Number of executed functions: 0
                                                            • Number of non-executed functions: 0
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .eml
                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                            • Excluded IPs from analysis (whitelisted): 52.109.32.97, 2.19.126.151, 2.19.126.160, 52.113.194.132, 52.109.68.129, 217.20.57.18, 20.189.173.14, 52.168.117.175
                                                            • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, onedscolprdwus13.westus.cloudapp.azure.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, onedscolprdeus19.eastus.cloudapp.azure.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                            • VT rate limit hit for: QN1BkRVd.eml
                                                            No simulations
Input | Output
URL: Email Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "REVIEW DOCUMENT",
  "prominent_button_name": "REVIEW DOCUMENT",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
URL: Email Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "Docusign"
  ]
}
```
                                                            No context
                                                            No context
                                                            No context
                                                            No context
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):231348
                                                            Entropy (8bit):4.386123018109752
                                                            Encrypted:false
                                                            SSDEEP:3072:iegYFZgTmiGu2zqoQHrt0FvuJeaTrhUg:igcmi2mpeaTrhU
                                                            MD5:592650D41A2B29AB445327CD61C30C36
                                                            SHA1:026542E6A30BFEB0314DC4704616CFF19D537901
                                                            SHA-256:C44E7473B908FD8B373E0FD48D7F3CCCD2397A24A3EF31F12F0F2FF45083738C
                                                            SHA-512:A2200AB635F8B2985283E544FA3A030CC85A3A5CD93DF4D8EED8D140A292FE1EAFB0B0805415938C2629C070CBF175DE24CF0F1BEA937EFEFADFA0D1B02AB9DE
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):322260
                                                            Entropy (8bit):4.000299760592446
                                                            Encrypted:false
                                                            SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                            MD5:CC90D669144261B198DEAD45AA266572
                                                            SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                            SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                            SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):10
                                                            Entropy (8bit):2.721928094887362
                                                            Encrypted:false
                                                            SSDEEP:3:LMm:V
                                                            MD5:F7776EB0188399EBF5EF0A8F5E810B19
                                                            SHA1:74BB270D765B1DAFD7810677A5FC126935459B08
                                                            SHA-256:1081BE9AEAD27987C910676523828695CDFD810B60FCBAE1BA9A12811119AB0F
                                                            SHA-512:8F312407E76A8AB39B0FF34681C8418442762B930F1FE0C2AF57CE9E8B4CB20069BF5C19A6D075D164670F33F2820CD8C0253A1582BE7F2C09A7BB84C927C904
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:1729786569
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):178267
                                                            Entropy (8bit):5.290273425964084
                                                            Encrypted:false
                                                            SSDEEP:1536:Hi2XfRAqFbH41gwEwLe7HW8QM/o/NMdcAZl1p5ihs7EXXDEAD2Odago:VCe7HW8QM/o/TXgk9o
                                                            MD5:A7C05BE26659C9A7E743616F4EE7DB9E
                                                            SHA1:C5E47E40DC0A9AD3E07630561CC6F7B2A0D8927A
                                                            SHA-256:277683A8747172978FFEE63E2AF6E436C031DF20E53A9787669B4EEC46DF3FFC
                                                            SHA-512:D732FDC4059A7E117B4D1C4F8FF76AC0A1ABBF651B78DE68876C61A01F09D0646CFD82DA28F6FD892B8D5A648FBE42F4DF37E82341F1AA8834CCAE62A1DDC007
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-24T16:16:04">.. Build: 16.0.18209.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                            Category:dropped
                                                            Size (bytes):4096
                                                            Entropy (8bit):0.09216609452072291
                                                            Encrypted:false
                                                            SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                            MD5:F138A66469C10D5761C6CBB36F2163C3
                                                            SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                            SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                            SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:SQLite Rollback Journal
                                                            Category:dropped
                                                            Size (bytes):4616
                                                            Entropy (8bit):0.13760166725504608
                                                            Encrypted:false
                                                            SSDEEP:3:7FEG2l+k34llk/l/FllkpMRgSWbNFl/sl+ltlslVlllfllln:7+/lb3olkvg9bNFlEs1EP/V
                                                            MD5:33819FD6CC40F85BEA257D0FB1807AAC
                                                            SHA1:B8783D9BDC82C533D804AE1AD615686922307DB2
                                                            SHA-256:6018050D2A586B1BEF3D923A23740775E808407AF707350843F9B21BA65A08B8
                                                            SHA-512:0F8DF4552A0595AA3BF7802946B8CD13D972D1BD113F0A97239C52DD136CEBFFBB093AF651CB746C577BC085564E0DD389161B0260357191D3F48529AD22886C
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):32768
                                                            Entropy (8bit):0.04495055541749482
                                                            Encrypted:false
                                                            SSDEEP:3:G4l2GAELoLtl2GAELoTt/WlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2kItl2kQEL9XXPH4l942U
                                                            MD5:E60649DF4B62E801F2C1286782632CB4
                                                            SHA1:635E77A6885209057558A49B72FA49533DCB8EF7
                                                            SHA-256:83F63687F6B3C04B09AC83A02495A41F18DBC238322616AE217F884DCDEC9E20
                                                            SHA-512:488BECA431FEC31B2499F66AD6FF57A4238B478F3069E2368A96B4198EC16AD53D844BA9CE538B1F58C0051DEAA389606E793960325E54625E3544EDD01AFCF0
                                                            Malicious:false
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                            Category:dropped
                                                            Size (bytes):45352
                                                            Entropy (8bit):0.3968092716342258
                                                            Encrypted:false
                                                            SSDEEP:24:KjeQQ3zRDRQqUll7DBtDi4kZERD0zqt8VtbDBtDi4kZERD0Rj:OxQ1eqUll7DYMQzO8VFDYMS
                                                            MD5:118101DF5F6CBA89F109B398C1ACFD91
                                                            SHA1:E063B53868678E7E29D70B62C73828C3F4E6DA2B
                                                            SHA-256:235A3609507A5346FAB71274B8E7EC548AC49DE4A1DB3DE0B85D458D1E4D565B
                                                            SHA-512:C88E709FEC7622EDF2476B7644C7DA14C8345C35A3B7C560874D9092D69F4570B94988F898DC67A392F0A1C1063C0CA2545C4D1239765C7F7FB3284C74291EF3
                                                            Malicious:false
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):2684
                                                            Entropy (8bit):3.9157377963930613
                                                            Encrypted:false
                                                            SSDEEP:48:uiTrlKxJxu5Qxl9Il8uA/aL0IKR+p92AhRKHDZ4tCs6PAd/vc:bOYWG0fa2+RKHF4Isq
                                                            MD5:A367DC376D422A99B18E4E738FBFA2B4
                                                            SHA1:8CD673E207E7B40FDB15AA90B130E305BE1829D5
                                                            SHA-256:3B1C1FCA798CA27BDC43C65EF95A0C69DFCC6CBE6337AAF9DE474ED022856EFD
                                                            SHA-512:E92105D7A7D7E47AAFB49454EEC1119B08574AC80BDA6F486C2610A1035376D67CC512748D8C4E63AE12CE3D3D402EE22075DDCDEDF4C0597F7B0A2153599FA9
                                                            Malicious:false
                                                            Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"VHXLGR5HjDk3CiFbLamKN+ncgT0="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"KnotgQFF3AE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAKH5HFm
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):20256
                                                            Entropy (8bit):4.046631967845432
                                                            Encrypted:false
                                                            SSDEEP:192:RwY++QQc8HZoooorilUocInalK/V2h2ixxymWYP75WK/YoE6+OvixxCmuwixximZ:RwY++QQc85oooorwJalZhfPckJ0M2eP
                                                            MD5:94429C95CC2571E451B344BCDD1D804C
                                                            SHA1:5A3C7AE2C754949CECB59D835A6833A7FA06DD81
                                                            SHA-256:9B24B0F20D683A3DB50B591FE55CF3F007B14CEE612E210D06DA094B106DB8E2
                                                            SHA-512:9804CFCA98E50F744877B3DBD378F74592D8637F10385ADE491389958E7506EFDE124896BB72BF121BBC85A526CDE5540151F25DA83CB35C48427E3FFC52D6C2
                                                            Malicious:false
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:ASCII text, with very long lines (859), with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):20971520
                                                            Entropy (8bit):0.006747244012558795
                                                            Encrypted:false
                                                            SSDEEP:192:/WMENejKTeL4fhxjrVMsydooLl4H2+iB:/WouTeLWxjrVMldooLlu2+iB
                                                            MD5:955446C8422B7E26265FD78DBC39274B
                                                            SHA1:570F243A816113685D710CCBFA61B3FE663B31BA
                                                            SHA-256:5992561274F2ECC8931BE4D194C48CAE07B46F66B00962A1ABAE8DF3480163BC
                                                            SHA-512:E6C22E15525093DC3C6DE8F00B0E34487C4EB490F72D59FEE21BC73FD0D0D8C316A31BD9B84C5F9D8CD384F80A325E2B01A12ED186B3708FAAD8A18D56798978
                                                            Malicious:false
                                                            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/24/2024 16:16:01.301.OUTLOOK (0x1D28).0x1D2C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":11,"Time":"2024-10-24T16:16:01.301Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"5A90A9C4-9CD4-4DE4-A5C3-431142162B53","Data.PreviousSessionInitTime":"2024-10-24T16:15:35.442Z","Data.PreviousSessionUninitTime":"2024-10-24T16:15:38.473Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/24/2024 16:16:01.473.OUTLOOK (0x1D28).0x1E34.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):20971520
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3::
                                                            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                            Malicious:false
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):139264
                                                            Entropy (8bit):4.734725912093598
                                                            Encrypted:false
                                                            SSDEEP:1536:F24FcD99gm1TlX8TlmpAFBIg0lPd6MOynTJByT:F24FcDDgm1hX8Tlme7IjldRbyT
                                                            MD5:11E6B7B54866AA4C2FF354C69C660A8F
                                                            SHA1:686F77BF4B4734BFCD6F6FFF7CF1D7F2446FF3CA
                                                            SHA-256:70E2D1DD0DF746E89DE4AB66A91641DED0A24BCA947BE35AEC2B824FC94E0BD1
                                                            SHA-512:CE62D83DE99FFA0792757654C650A0A6D368C75158636F1D7990C429CFE37435B69447AFFEC77161A51DCB42E964979D5CDBDEB0343650029CC8E39C2FB119CB
                                                            Malicious:false
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):30
                                                            Entropy (8bit):1.2389205950315936
                                                            Encrypted:false
                                                            SSDEEP:3:3fJlt:
                                                            MD5:5D1FDE1C777476159470CACBC8005920
                                                            SHA1:CBF925CDEB2FAD88651A6169E9ACFD63F0E41876
                                                            SHA-256:720E63750D610B5F3CDA867A88D62582304ED77E44EF7D74ABB54B4D3FB987A4
                                                            SHA-512:8E334839D47942D84D65565C131D53A2D11347B661B5A36AAE232EAA0FD3179C48828B28DD466D250188FBBBA7B27DB81622E605BD08A1651F6479319C5A97BB
                                                            Malicious:false
                                                            Preview:....@:........................
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                            Category:dropped
                                                            Size (bytes):16384
                                                            Entropy (8bit):0.6682217344473116
                                                            Encrypted:false
                                                            SSDEEP:12:rl3baF63kqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCej:rZnmnq1Py961ej
                                                            MD5:EC6B907D8F44F54E3FAF8EF45D1B7FE5
                                                            SHA1:64051D539E9C1B526F63C22624594F1FDEBA0272
                                                            SHA-256:F503903B1B375EBBB76733122D88793E013DFAE8D20FD8FBFDF9E2FC7CB58FBB
                                                            SHA-512:B9E9208C16D3047C195FB6829F66D1624ABA7A63712D13A8B8B45A7E5217E1A2BCDDAE309F9BDC462052DA413F74CAE3CD8FA64A9C17CE57F54387921690EA92
                                                            Malicious:true
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:Microsoft Outlook email folder (>=2003)
                                                            Category:dropped
                                                            Size (bytes):271360
                                                            Entropy (8bit):2.8629383612065253
                                                            Encrypted:false
                                                            SSDEEP:1536:NXqFv+dew6ROyePimyyqeKsS6aHPjQsRRs6mayOrQIOc6MST5w5Z4nLf4KW53jEQ:KvCaSr5Lz4Ipj
                                                            MD5:E6EEACB219FEEDC1075D84CE60B16F38
                                                            SHA1:E915287D8933879590A6ADD64A21FCBE12491432
                                                            SHA-256:70475536F269BCDF1AB8BA75C5B5120E3558B5A8364F73196C310F5251D603C9
                                                            SHA-512:59C4C536AC73DBE02AC45F068426816A5100B47E8B78763689C17C3CEB8738F92085323CCB2693ECFD57B865BCE1FD61BA1822958216C774EF86CE508908B6CC
                                                            Malicious:true
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):131072
                                                            Entropy (8bit):4.246818114348838
                                                            Encrypted:false
                                                            SSDEEP:1536:aimyyqeKsS6aHPjQsRRs6Qaw0OrQIOc5MSgD5yBXiCQW53jEpEHPVQ10BAwr17S2:cID5kSpjoM
                                                            MD5:E8D571BD01A0D4433363ED70CBB37B0E
                                                            SHA1:413E3DE1BC6CBC13E484D9E91CC596635C4771F2
                                                            SHA-256:F8410DDB3157EFBC9B187D8C22FA26F7E3750BAC585D84B9746F08C7EF3B255F
                                                            SHA-512:E1071CB207725ED30F15F171500F3237DAFF4ED6573C739C41B966FDF56A61F67FD8E3AFCA012D89B0941D846874AAF39A57E9315A53C077C43E85DB7341274B
                                                            Malicious:true
                                                            File type:Unicode text, UTF-8 text, with CRLF line terminators
                                                            Entropy (8bit):5.960888469640145
                                                            TrID:
                                                              File name:QN1BkRVd.eml
                                                              File size:25'539 bytes
                                                              MD5:6b67ccdb76a2c077aff8b7966a60cfa2
                                                              SHA1:d998f63f16239bfa0a4b5be4c4ea7f50566961ba
                                                              SHA256:26625f667ad5bfbab54b29df242b355e78697f99837e35a5f5aebd85a6d10a1f
                                                              SHA512:c57cbea0b2e2638e544a38b65b6f35dd94dca3e85d9c78c3d5af99e345f843eaa6e65f97d4c4345a9f1f704abf8dd79dcd66c9ac5beddd2162f02d5a01c2bae3
                                                              SSDEEP:384:bX6wdMg2DO0zhhfCzJmV48H/bFJ7XDpoobAWvlaApETk4OCd9Poc0YPuY:bX6wdMz3zG985Vuobx/pEwMzgc0YPuY
                                                              TLSH:75B22C6583542497AEB2304972037D84B330BC8D92F299D1786FA5781E9F8733F15B9D
                                                              File Content Preview:authentication-results: spf=pass (sender IP is 64.207.219.135).. smtp.mailfrom=docusign.net; dkim=pass (signature was verified).. header.d=docusign.net;dmarc=pass action=none.. header.from=docusign.net;compauth=pass reason=100..date: Wed, 23 Oct 2024 15:0
                                                              Subject:Complete with Docusign: Calgary Construction Association.pdf
                                                              From:"Ville de Montral - (Jen) Services d'approvisionnement via Docusign" <dse_na2@docusign.net>
                                                              To:"prodacct@hwnenergy.com" <prodacct@hwnenergy.com>
                                                              Cc:
                                                              BCC:
                                                              Date:Wed, 23 Oct 2024 15:07:47 -0700
                                                              Communications:
                                                                Attachments:
                                                                  Key Value
                                                                  authentication-results: spf=pass (sender IP is 64.207.219.135) smtp.mailfrom=docusign.net; dkim=pass (signature was verified) header.d=docusign.net;dmarc=pass action=none header.from=docusign.net;compauth=pass reason=100
                                                                  date: Wed, 23 Oct 2024 15:07:47 -0700
                                                                  dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=docusign.net; s=mail1; t=1729721267; bh=/XMRAMYJOzBZUgA4K+LLrBun/OEkVJ/3cTbPJr0XX5Y=; h=From; b=JhvKEVPtlh6qhmDpOuzhz2krMLIaZfnddMmdxmdom795DPLKMHybf89fXK8zzP2XO gUWv6BO0j17pDreGNoXnWV6GaW4a17WptugvlYUE0EzraKPFRz7u7q59tkwoZx++nC gOyuEqbK+EG03QUyxlX6N5vFjSo+jrvLoeZU1LqCC9X/iaJzwv1+PXFAYIwWwdzWsx OK4kNNHs8eqSiTtV4Xf/Cozbaos7DlsQyxd/0aFq5PAsUEpYQYS8NmUv4bCqA6V0Kn BxbBgP/9jKK4qZAIChJZLPIEUb4sJQ0crBanjXl2f8oA8DgCxKAFfQfu2UnCGLJWsc 2AX/Bdpx/sEYg==
                                                                  from: "Ville de Montral - (Jen) Services d'approvisionnement via Docusign" <dse_na2@docusign.net>
                                                                  message-id: <c00099732a194ab39f0e1fd7382bb2cb@docusign.net>
                                                                  mime-version: 1.0
                                                                  received: from DM4PR02MB8981.namprd02.prod.outlook.com (2603:10b6:8:bd::16) by SJ0PR02MB8814.namprd02.prod.outlook.com with HTTPS; Wed, 23 Oct 2024 22:07:56 +0000, from SJ0PR03CA0037.namprd03.prod.outlook.com (2603:10b6:a03:33e::12) by DM4PR02MB8981.namprd02.prod.outlook.com (2603:10b6:8:bd::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8069.28; Wed, 23 Oct 2024 22:07:49 +0000, from SJ1PEPF000023CF.namprd02.prod.outlook.com (2603:10b6:a03:33e:cafe::9d) by SJ0PR03CA0037.outlook.office365.com (2603:10b6:a03:33e::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8069.29 via Frontend Transport; Wed, 23 Oct 2024 22:07:49 +0000, from mailda.docusign.net (64.207.219.135) by SJ1PEPF000023CF.mail.protection.outlook.com (10.167.244.11) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8093.14 via Frontend Transport; Wed, 23 Oct 2024 22:07:49 +0000, from CH2FE92.corp.docusign.net (unknown [10.104.81.73]) by mailda.docusign.net (Postfix) with ESMTP id BABFB2054D15 for <prodacct@hwnenergy.com>; Wed, 23 Oct 2024 22:07:47 +0000 (UTC), from docusign.net ([127.0.0.1]) by CH2FE92.corp.docusign.net with Microsoft SMTPSVC(10.0.17763.1697); Wed, 23 Oct 2024 15:07:47 -0700
                                                                  received-spf: Pass (protection.outlook.com: domain of docusign.net designates 64.207.219.135 as permitted sender) receiver=protection.outlook.com; client-ip=64.207.219.135; helo=mailda.docusign.net; pr=C
                                                                  recipient-id: 09ab18a7-8de5-4c92-931d-cb9cd9f7b00d
                                                                  reply-to: "Ville de Montr?al - (Jen) Services d'approvisionnement" <jen@jenntecllc.com>
                                                                  return-path: dse_na2@docusign.net
                                                                  sender: DocuSign System <dse_na2@docusign.net>
                                                                  site-id: 2
                                                                  subject: Complete with Docusign: Calgary Construction Association.pdf
                                                                  to: "prodacct@hwnenergy.com" <prodacct@hwnenergy.com>
                                                                  x-api-host: na2.docusign.net
                                                                  x-auto-response-suppress: DR, OOF, AutoReply
                                                                  x-bounceemailversion: 1
                                                                  x-debug: False
                                                                  x-email-rejection-mode: LearningMode
                                                                  x-eopattributedmessage: 0
                                                                  x-eoptenantattributedmessage: 358b80b3-b792-470b-a1c4-c5247643c1b6:0
                                                                  x-forefront-antispam-report: CIP:64.207.219.135;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mailda.docusign.net;PTR:mailda.docusign.net;CAT:NONE;SFS:(13230040)(240411011799012)(6062899009)(4123199012)(4092899012)(5073199012)(5082899009)(5063199012)(35002699018)(69100299015)(2092899012)(12012899012)(3072899012)(1032899013)(3092899012)(5062899012)(13012899012)(13102899012)(2066899003)(8096899003);DIR:INB;
                                                                  x-microsoft-antispam: BCL:3;ARA:13230040|240411011799012|6062899009|4123199012|4092899012|5073199012|5082899009|5063199012|35002699018|69100299015|2092899012|12012899012|3072899012|1032899013|3092899012|5062899012|13012899012|13102899012|2066899003|8096899003;
                                                                  x-microsoft-antispam-mailbox-delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                                                                  x-ms-exchange-atpmessageproperties: SA|SL
                                                                  x-ms-exchange-crosstenant-authas: Anonymous
                                                                  x-ms-exchange-crosstenant-authsource: SJ1PEPF000023CF.namprd02.prod.outlook.com
                                                                  x-ms-exchange-crosstenant-fromentityheader: Internet
                                                                  x-ms-exchange-crosstenant-id: 358b80b3-b792-470b-a1c4-c5247643c1b6
                                                                  x-ms-exchange-crosstenant-network-message-id: bd95a11d-8d7b-4e08-c1a8-08dcf3af2200
                                                                  x-ms-exchange-crosstenant-originalarrivaltime: 23 Oct 2024 22:07:49.1475 (UTC)
                                                                  x-ms-exchange-organization-authas: Anonymous
                                                                  x-ms-exchange-organization-authsource: SJ1PEPF000023CF.namprd02.prod.outlook.com
                                                                  x-ms-exchange-organization-expirationinterval: 1:00:00:00.0000000
                                                                  x-ms-exchange-organization-expirationintervalreason: OriginalSubmit
                                                                  x-ms-exchange-organization-expirationstarttime: 23 Oct 2024 22:07:49.5069 (UTC)
                                                                  x-ms-exchange-organization-expirationstarttimereason: OriginalSubmit
                                                                  x-ms-exchange-organization-messagedirectionality: Incoming
                                                                  x-ms-exchange-organization-network-message-id: bd95a11d-8d7b-4e08-c1a8-08dcf3af2200
                                                                  x-ms-exchange-organization-scl: 1
                                                                  x-ms-exchange-processed-by-bccfoldering: 15.20.8093.014
                                                                  x-ms-exchange-transport-crosstenantheadersstamped: DM4PR02MB8981
                                                                  x-ms-exchange-transport-endtoendlatency: 00:00:07.7965523
                                                                  x-ms-exchange-unifiedgroup-address: prodacct@hwnenergy.com
                                                                  x-ms-exchange-unifiedgroup-displayname: Production Accounting
                                                                  x-ms-exchange-unifiedgroup-mailboxguid: 388dd576-1a56-45ef-b107-eebae48adf70
                                                                  x-ms-office365-filtering-correlation-id: bd95a11d-8d7b-4e08-c1a8-08dcf3af2200
                                                                  x-ms-publictraffictype: Email
                                                                  x-ms-traffictypediagnostic: SJ1PEPF000023CF:EE_|DM4PR02MB8981:EE_|SJ0PR02MB8814:EE_
                                                                  x-originalarrivaltime: 23 Oct 2024 22:07:47.0679 (UTC) FILETIME=[FE72D6F0:01DB2597]
                                                                  Content-Type: text/html; charset="utf-8"
                                                                  Content-Transfer-Encoding: quoted-printable

                                                                  Icon Hash:46070c0a8e0c67d6
                                                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                  Oct 24, 2024 18:16:08.153328896 CEST | 1.1.1.1 | 192.168.2.7 | 0x3bc1 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false
                                                                  Oct 24, 2024 18:16:08.153328896 CEST | 1.1.1.1 | 192.168.2.7 | 0x3bc1 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.18 | A (IP address) | IN (0x0001) | false
                                                                  Oct 24, 2024 18:16:08.153328896 CEST | 1.1.1.1 | 192.168.2.7 | 0x3bc1 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.34 | A (IP address) | IN (0x0001) | false
                                                                  Oct 24, 2024 18:17:24.057241917 CEST | 1.1.1.1 | 192.168.2.7 | 0xda24 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                                                  Oct 24, 2024 18:17:24.057241917 CEST | 1.1.1.1 | 192.168.2.7 | 0xda24 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false

                                                                  Target ID:0
                                                                  Start time:12:15:57
                                                                  Start date:24/10/2024
                                                                  Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\QN1BkRVd.eml"
                                                                  Imagebase:0x550000
                                                                  File size:34'446'744 bytes
                                                                  MD5 hash:91A5292942864110ED734005B7E005C0
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:4
                                                                  Start time:12:16:03
                                                                  Start date:24/10/2024
                                                                  Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E1DA0EB5-DA53-4036-A017-15BFBCC4052E" "F94441E8-48C4-4C37-B624-70C2AE54B301" "7464" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                  Imagebase:0x7ff644940000
                                                                  File size:710'048 bytes
                                                                  MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  No disassembly