Windows Analysis Report
EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg

Overview

General Information

Sample name:	EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg
Analysis ID:	1541368
MD5:	75cd3729a08eb18c272253dd5fcf8212
SHA1:	26bda580593e88dd077f8a090326af3dd7e966b4
SHA256:	40dbb73a2943d6dc66f88d18a3f0d64a26a04f528033af8ebaeab4b20ca46ad4
Infos:

Detection

Score:	23
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

AI detected landing page (webpage, office document or email)

HTML body contains low number of good links

HTML title does not match URL

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Stores large binary data to the registry

Submit button contains javascript call

Classification

Signatures

HTML body contains low number of good links

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9

HTTP Parser: Title: Sharing Link Validation does not match URL

Submit button contains javascript call

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="author".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="author".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="author".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="author".. found

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="copyright".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="copyright".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="copyright".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49748 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75

Source: global traffic	DNS traffic detected: DNS query: medallusmedcom-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49748 version: TLS 1.2

Source: classification engine

Classification label: sus23.winMSG@29/28@14/197

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T1233210423-1276.etl

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4530FE17-1FDA-4869-8DF0-FA4A6DA0AEE3" "293BB79E-D390-4222-9ACA-C0495A5F3ACC" "1276" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,1121254362687578653,17294101860194272938,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4530FE17-1FDA-4869-8DF0-FA4A6DA0AEE3" "293BB79E-D390-4222-9ACA-C0495A5F3ACC" "1276" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,1121254362687578653,17294101860194272938,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1976,i,10383624024249622334,10590873044701604238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1976,i,10383624024249622334,10590873044701604238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: Email	LLM: Page contains button: 'Open' Source: 'Email'
Source: Email	LLM: Email contains prominent button: 'open'

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Stores large binary data to the registry

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
2.23.209.11	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
74.125.71.84	unknown	United States	15169	GOOGLEUS	false
20.189.173.3	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.18.3	unknown	United States	15169	GOOGLEUS	false
2.23.209.39	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
142.250.181.234	unknown	United States	15169	GOOGLEUS	false
2.23.209.16	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
93.184.221.240	unknown	European Union	15133	EDGECASTUS	false
2.16.164.49	unknown	European Union	20940	AKAMAI-ASN1EU	false
52.109.32.47	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.126.143	unknown	European Union	16625	AKAMAI-ASUS	false
2.19.126.151	unknown	European Union	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
52.109.28.47	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.32.97	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
dual-spo-0005.spo-msedge.net	13.107.136.10	true
www.google.com	142.250.185.228	true
medallusmedcom-my.sharepoint.com	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	false		unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	data	D7A87CE8CEF5EF291BFD6E47F27B9205	28E6F9A2BEA42D1DF1D7332326B9CEA3BF26B0FA	9B4794BA8F6DA7D0F6EF1A55FC4913F6F6FB4B93197ED70FD3069D9F83D57598
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT	data	0B3E5F29FF0F3614A02704A72676A5E5	55F35D7C98C5B5CC885F503EC2F0EA3695E009D9	37347D1BB0345E94ED044B38277E9C099E8D9ECE83B6962A6171730DDFF4536D
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin	ASCII text, with very long lines (65536), with no line terminators	CC90D669144261B198DEAD45AA266572	EF164048A8BC8BD3A015CF63E78BDAC720071305	89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin	ASCII text, with no line terminators	EEB9873669A2B91658C63A31AEB28E48	3BC539F774E96571A7C4E1980E3198895FC052CE	019876266837606D91545D2B7DFCA0C8D406C19657933CAD79390D9A615AFAEF
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6A96AA54-05C1-4F8A-9152-E03B51ECBA76	XML 1.0 document, ASCII text, with CRLF line terminators	D144FE00AC7E1F4A1CACFFDC5C8E6762	6C2FE1EEFD15CD64A0C03AD35FDBB8D3EC90567A	3E9EBEB0C2C84C6E6303B1BBAF911183931A9D5D41C166E3A6DFBC8AFDA9C01F
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db	SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2	F138A66469C10D5761C6CBB36F2163C3	EEA136206474280549586923B7A4A3C6D5DB1E25	C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal	SQLite Rollback Journal	EF669C7F1747F8F227AC9E8D092DE2AC	FBD1A252ED51AA9F6BD2C0CF9F9B2CD85C58B5DD	3A92EE596F22FABD76D889D4EBD43694D1E3A04A17A06C58CD067C1D84D6B409
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm	data	EC9EF2475B15E140DB1E34CE6D68120C	2BB13F798DEB0817EB677B7BE2E5CADA9161243F	0C7D2196605222C7FB12F6566C60CBA4F8103278A51BD721018D92B085B79152
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal	SQLite Write-Ahead Log, version 3007000	7767622B389670DC6DEBC33DD5DB37B1	C945EBDF65FBB2D8F397D018044390CCA4489ADB	0BF5A5DC1F45F056E19C340FFBA363A189E4CAC3AF728BE7751E84760A07BA7B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\318F169A.dat	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	4DF1205B01187B26FF893615B19C65DE	13856C6DCE2C8C328153C9C6FD37643EDCC45B81	5931FFF65F3CF45DA0DDD4F29D39BA23063A3735A8F99868DF6C23E26BD61788
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A1383E97.dat	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced	1E13EE0ED09C4AF1ADFB6C0D280879B0	1192A79F7B4C4FF814583743F8C66ACA7ECB8ACF	E2395FBA25D3FB8A971345CA65D144F7D9C9D933F70409165446E63D18C0958D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B58A57AC.dat	PNG image data, 96 x 96, 8-bit colormap, non-interlaced	D9DCA1CAC67A8515C5E7572528BDD5A2	E758AF30B557F3E6DC91FCF3F114725BE898B4F4	D03539CC6A66D43CFD2347316E7F93720B2D0D9228836EAA86726D87A5113D90
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{55B1C838-594D-472D-9490-C5FC98BB5F68}.tmp	data	3668254E41E0659D84F3186CC59E738B	84BD86423BFCF727F86A8B5E1BBB10BA42D6995E	CC086A12CCE5DC479B417844E8A805FF4EBE37EA1A1C02E62CDC2378EAF2DCA7
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729787601637731000_EEDEA560-6153-4FCF-BACA-4C5F90C523B6.log	data	0B1D6053224DCD08DF936A41470DBA17	10CB6264644E45959D2310E551A8C4375BF14B61	0F80A7D1B08707330F612DE4E4694B8A66416B5975BC0023CCC4B8D67EEB8021
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729787601638553600_EEDEA560-6153-4FCF-BACA-4C5F90C523B6.log	data	8F4E33F3DC3E414FF94E5FB6905CBA8C	9674344C90C2F0646F0B78026E127C9B86E3AD77	CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T1233210423-1276.etl	data	FA522F424B1E489E0969552685F304E4	DFEBFC82F5001B381A7EE4FEC4702BF766FCFEB9	2A69D8C5D9A14A90D61DEAFB734E8C9FF984750603322FC8713E71240472F34F
C:\Users\user\AppData\Local\Temp\~DFDE0F4CEC66F1A70E.TMP	data	32F4A4F5474765325A76C4D7CA665E2C	6CC214299E11CF141083ECEAA9068F3D7732C4A8	E51A7408A5EFAE3AE2C924DA27074173D7BF67274001EDE41342E2376F7D2C0B
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl	data	D0EE05668332DF3EC71280F44F786042	72A50C00E977C8EBE4B15F2C527BA298A15268A9	F693A249BA9D209248BFD0750838C9DD781B096A51CD772CAEAE0701062A50ED
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs	Composite Document File V2 Document, Cannot read section info	B10348F1B8CA31EC264DE93F3EADB585	738F422C438B7AFACD4012362DE0348EE2CCCFAC	6E66590D89196E2603133128F5F487BC2EE14B3C9C0ABD1DF589B131553E9B97
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC	Unicode text, UTF-16, little-endian text, with CRLF line terminators	C5A12EA2F9C2D2A79155C1BC161C350C	75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A	61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:33:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A2E404CEB1BAF507D5C4FEAC16D86FC7	6DE83E86CC5BBD3C2A98C4A79828A3AB173C1365	A2CC48D5AD845791B70D2DE2F2835D4A508F90076C886788667C9C766C24B803
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:33:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D8C45DE105BE1536435F610B06126959	5E497CEB1EC09FCA303A5D089017140CE43CBE6F	EB8DD256221062368437BAB6A1FEE9B10EDD5680F18EF31033024E234D90CB0B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0E8D69AAB62B382DFCC37B312A9A16F6	041FEE3B882EC0624BAEB78490A7A613FBADCADB	FB5C39A953132E72B127F7B890E1D2E99339AC259D89B4B96082F422347ACAC0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:33:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	EB313725B2A1C63591E5A5382EF652B1	046914025699FC9FFA81865F5DEBAAADD3877B48	BB1305721D1A4A9CB23C2B83FB1FABD66E0F4DB4C8A085D69D89C20FBF435994
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:33:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	05B8BACF5364917AAF7F74E44F979366	85B2528B3536A4D0BAB14DB789BCAA6AEBE0CDD2	4C652F8932D50810037FDACED253F21D7B5EED81792D732D9F608FF20FCF208B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:33:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B14A4B9753211C7E45E51AFC9D9BBFFA	EF6C0F7CDF5E80CD81DC2B1FC4457A178EE5B56B	9AB37276B2B9146AEF456A4942A1424FC542E6CE15AA09983A95C610D4BAF23C
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst	Microsoft Outlook email folder (>=2003)	63DF77A2BC84AE55307863FE38783F4E	D934155AE7292B3F7144597DBE6EE38DBFBDFB07	E7E24F8396AF322A480FFFB228130267E0F33A5FA1B1E7A31821D50772A408F3
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp	data	95EA4D90559B9E76A034F3AFECF14B5F	B0D0682FED6EB2A5F77E2DCB68031B0544293380	EEDCAB3A3E0CC957DD7C5452E547498C4366B99F9F410811AFB036843ABD8270

HTML body contains low number of good links

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9

HTTP Parser: Title: Sharing Link Validation does not match URL

Submit button contains javascript call

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="author".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="author".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="author".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="author".. found

Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="copyright".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="copyright".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="copyright".. found
Source: https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49748 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75

Source: global traffic	DNS traffic detected: DNS query: medallusmedcom-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.75:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49748 version: TLS 1.2

Source: classification engine

Classification label: sus23.winMSG@29/28@14/197

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T1233210423-1276.etl

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4530FE17-1FDA-4869-8DF0-FA4A6DA0AEE3" "293BB79E-D390-4222-9ACA-C0495A5F3ACC" "1276" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,1121254362687578653,17294101860194272938,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4530FE17-1FDA-4869-8DF0-FA4A6DA0AEE3" "293BB79E-D390-4222-9ACA-C0495A5F3ACC" "1276" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,1121254362687578653,17294101860194272938,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1976,i,10383624024249622334,10590873044701604238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medallusmedcom-my.sharepoint.com/:o:/g/personal/rogerm_directmedclinic_com/EgOiuNNiV0lGmucF5ExLSGoBM4E3jL5a7YmPGl10fE2eEw?e=5%3a53h8sN&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1976,i,10383624024249622334,10590873044701604238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: Email	LLM: Page contains button: 'Open' Source: 'Email'
Source: Email	LLM: Email contains prominent button: 'open'

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Stores large binary data to the registry

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

ID:	1541368
Product:	CloudBasic
Start time:	18:32:52
Start date:	24.10.2024
Sample:	EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	75cd3729a08eb18c272253dd5fcf8212
SHA1:	26bda580593e88dd077f8a090326af3dd7e966b4
SHA256:	40dbb73a2943d6dc66f88d18a3f0d64a26a04f528033af8ebaeab4b20ca46ad4
Filetype:	Outlook Message (71009/1) 45.36%

Windows Analysis Report
EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg