
Windows Analysis Report
A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg

Overview

General Information

Sample name:A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg
renamed because original name is a hash value
Original sample name:A minha Via Verde Atualizao de Adeso Adeso 3412605.msg
Analysis ID:1562207
MD5:c248b5eb3c62d1615eb80b508d7dcba4
SHA1:65eb4d991d8bc410106f4ecd07a9eb2fb9369726
SHA256:b6ca07d38a1347fbb075f6526186a73bbf72c0f09d472d2dc4e6918307e16705

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7380 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7740 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C89724F0-86F6-4223-B8B4-E7A66DED5502" "53F42CB1-436A-4128-B83E-E2B0C40E026D" "7380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7380, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched


Phishing

Source: Email; Joe Sandbox AI: Detected potential phishing email: The URL in the email points to a suspicious domain 'cgpsco.rahalat.net' instead of a legitimate Via Verde domain. The email creates urgency with threats of account deactivation, a common phishing tactic. The second link claims to be www.viaverde.pt but actually points to 127.0.0.1, which is highly suspicious.
Source: ~WRS{9A5175AD-33EC-46B0-8698-CA8BCAE9AC25}.tmp.0.dr; String found in binary or memory: http://127.0.0.1/#
Source: A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg; String found in binary or memory: https://eur05.safelinks.protection.outlook.com/?url=http%3A%2F%2F127.0.0.1%2F
Source: A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg, ~WRS{9A5175AD-33EC-46B0-8698-CA8BCAE9AC25}.tmp.0.dr; String found in binary or memory: https://eur05.safelinks.protection.outlook.com/?url=http%3A%2F%2F127.0.0.1%2F&data=05%7C02%7Cnuno.cr
Source: A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg; String found in binary or memory: https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcgpsco.rahalat.net%2Fconta
Source: A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg, ~WRS{9A5175AD-33EC-46B0-8698-CA8BCAE9AC25}.tmp.0.dr; String found in binary or memory: https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcgpsco.rahalat.net%2Fconta&data=05
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://staging.cortana.ai
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://substrate.office.com
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://syncservice.o365syncservice.com/"
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drString found in binary or memory: https://webshell.suite.office.com
Source: ~WRS{9A5175AD-33EC-46B0-8698-CA8BCAE9AC25}.tmp.0.dr; String found in binary or memory: https://wisemovecargo.com/Minha/?id=
Source: classification engine; Classification label: sus21.winMSG@3/13@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241125T0449560972-7380.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C89724F0-86F6-4223-B8B4-E7A66DED5502" "53F42CB1-436A-4128-B83E-E2B0C40E026D" "7380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (techniques listed per tactic; a leading number is the count shown in the report's matrix cell):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Browser Extensions; 1 DLL Side-Loading; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows)
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Process Discovery; 13 System Information Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Data Obfuscation; Junk Data; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No Antivirus matches
Source | Detection | Scanner | Label
http://127.0.0.1/# | 0% | Avira URL Cloud | safe
https://wisemovecargo.com/Minha/?id= | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                          https://dev0-api.acompli.net/autodetect94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                            high
                                                                                                            https://www.odwebp.svc.ms94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                              high
                                                                                                              https://api.diagnosticssdf.office.com/v2/feedback94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                high
                                                                                                                http://127.0.0.1/#~WRS{9A5175AD-33EC-46B0-8698-CA8BCAE9AC25}.tmp.0.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://api.powerbi.com/v1.0/myorg/groups94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                  high
                                                                                                                  https://web.microsoftstream.com/video/94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                    high
                                                                                                                    https://api.addins.store.officeppe.com/addinstemplate94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                      high
                                                                                                                      https://graph.windows.net94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                        high
                                                                                                                        https://dataservice.o365filtering.com/94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                          high
                                                                                                                          https://officesetup.getmicrosoftkey.com94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                            high
                                                                                                                            https://analysis.windows.net/powerbi/api94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                              high
                                                                                                                              https://prod-global-autodetect.acompli.net/autodetect94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                high
                                                                                                                                https://substrate.office.com94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://outlook.office365.com/autodiscover/autodiscover.json94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://consent.config.office.com/consentcheckin/v1.0/consents94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcgpsco.rahalat.net%2Fconta&data=05A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg, ~WRS{9A5175AD-33EC-46B0-8698-CA8BCAE9AC25}.tmp.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://notification.m365.svc.cloud.microsoft/PushNotifications.Register94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://d.docs.live.net94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://safelinks.protection.outlook.com/api/GetPolicy94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://ncus.contentsync.94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://syncservice.o365syncservice.com/"94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://wisemovecargo.com/Minha/?id=~WRS{9A5175AD-33EC-46B0-8698-CA8BCAE9AC25}.tmp.0.drfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://weather.service.msn.com/data.aspx94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://apis.live.net/v5.0/94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://officepyservice.office.net/service.functionality94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://eur05.safelinks.protection.outlook.com/?url=http%3A%2F%2F127.0.0.1%2F&data=05%7C02%7Cnuno.crA minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg, ~WRS{9A5175AD-33EC-46B0-8698-CA8BCAE9AC25}.tmp.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://templatesmetadata.office.net/94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://messaging.lifecycle.office.com/94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://planner.cloud.microsoft94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://mss.office.com94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://pushchannel.1drv.ms94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://management.azure.com94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://outlook.office365.com94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://wus2.contentsync.94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://incidents.diagnostics.office.com94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://clients.config.office.net/user/v1.0/ios94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://make.powerautomate.com94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://api.addins.omex.office.net/api/addins/search94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://insertmedia.bing.office.net/odc/insertmedia94E40EB8-E408-48D0-AF16-A9F35F840B88.0.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      No contacted IP infos
                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                      Analysis ID:1562207
                                                                                                                                                                                                      Start date and time:2024-11-25 10:48:39 +01:00
                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                      Overall analysis duration:0h 4m 44s
                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                      Number of analysed new started processes analysed:7
                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                      Sample name:A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg
                                                                                                                                                                                                      renamed because original name is a hash value
                                                                                                                                                                                                      Original Sample Name:A minha Via Verde Atualizao de Adeso Adeso 3412605.msg
                                                                                                                                                                                                      Detection:SUS
                                                                                                                                                                                                      Classification:sus21.winMSG@3/13@0/0
                                                                                                                                                                                                      EGA Information:Failed
                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                      • Number of executed functions: 0
                                                                                                                                                                                                      • Number of non-executed functions: 0
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .msg
                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 52.109.76.243, 20.189.173.16
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): ecs.office.com, slscr.update.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, onedscolprdwus17.westus.cloudapp.azure.com, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, ukw-azsc-config.officeapps.live.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                      • VT rate limit hit for: A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg
                                                                                                                                                                                                      No simulations
                                                                                                                                                                                                      No context
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):231348
                                                                                                                                                                                                      Entropy (8bit):4.398073634099566
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:4CgrynJgsmiGu2aqoQSrt0Fvb/iD3H/t6D:4oLmi2nziD3fs
                                                                                                                                                                                                      MD5:1E83031E2CB0A4EAABEF64355EE37E81
                                                                                                                                                                                                      SHA1:493A777CE740A6252BFD84E6AFF39535FA56B186
                                                                                                                                                                                                      SHA-256:D1CBF0BB6D559C310D735753532A2FB3DD275113EF152F341F7B13C1A3A6DA2B
                                                                                                                                                                                                      SHA-512:1C5AA9732C707935CFE65D34C5E860DDDD183C6EB3A7E3F94733E3F3BF4D6520F33860F3AF42CADF55328056855DB7F02B46A4ACBB8FBAD2F0A0C5CF02AF695E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:TH02...... ...V.?......SM01X...,....)rV.?..........IPM.Activity...........h...............h............H..h..O.....y....h........X.|.H..h\hub ...AppD...h..u.0.....O....h...............h........_`.k...h....@...I.Dw...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h.Z.....0.O...#h....8.........$hX.|.....8....."h0....... .....'h..f...........1h....<.........0h....4.....k../h....h......kH..h 9..p.....O...-h .......\.O...+hI........O.....6.3.;.1.2.8. ..............F7..............FIPM.Activity..2.Form..1.Standard..1.Journal Entry.2.IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000..1.Microsoft.1.This form is used to create journal entries.......0.kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):181859
                                                                                                                                                                                                      Entropy (8bit):5.295308986459551
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:Bi2XfRAqSbH4wglE6Le7HW8Qjj/o/NMOcAZl1p5ihs7EXXNEADpOBIa5YdGVF8St:hde7HW8Qjj/o/aXSbTx
                                                                                                                                                                                                      MD5:84DED3D10044190FB26BE571842D913A
                                                                                                                                                                                                      SHA1:75EFAAF96B31D5C8AE238924B97BB6C276114558
                                                                                                                                                                                                      SHA-256:E2B864F3D1C3C2211128466536E047B4DC70F1D9490041232E66F97A63B72D2F
                                                                                                                                                                                                      SHA-512:B00D99F74529B3FEC668D3F088B8DDF227978962435E4D6C305DA56133A4878D0834CACBDA1070ECF61B57676DB6E43A1F07D61DDA8967D296EB36891D453A77
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-25T09:50:01">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                      Entropy (8bit):0.04591939678467531
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:Gti2TV6DBHYi2TV6DZl/9X01PH4l942wU:uT2BH4T2ZP0G3L
                                                                                                                                                                                                      MD5:DF245327883B7B295757B1BC6416F199
                                                                                                                                                                                                      SHA1:6EF6185B142B646401BAC4FB9259148F8068959E
                                                                                                                                                                                                      SHA-256:4C1FF8A99B4CE40BBE137C82F98B47713D0F227ECBF73F5F9E48EC84F30DEC5A
                                                                                                                                                                                                      SHA-512:6237D5AEF5D1DD5EFBE45B2216454673DA9F3C264F68A4FB62F98C44FCE7AE844CFA5E0EF5CAE64CBFCDCABC08A3670E37A83A2E565110373D92DDCDCEC7692E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:..-.....................:he'..(:.1...7..A&..Tn....-.....................:he'..(:.1...7..A&..Tn..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):49472
                                                                                                                                                                                                      Entropy (8bit):0.4849444768564862
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:M3f8aQ1BR2zUll7DYMBhG+XRzO8VFDYMBrX3yBO8VFDYML:UqJlll414jVGpjVGC
                                                                                                                                                                                                      MD5:90D99565DCA2FDF3769A58F915B8F809
                                                                                                                                                                                                      SHA1:EF2E11FF4C468EE7E81E348DA27F38086A08F3B7
                                                                                                                                                                                                      SHA-256:466B099EBCB62843D8C20558054607024D6268721DA4D40BF385BD513F4DC696
                                                                                                                                                                                                      SHA-512:602BE95F8B6FF0C06444E3D4C70313B6EE3B04221E76709E1F83E5288E8F3305E78EE159FD59AC696247415F4D9F2DDA8FBC4BDC72CC2854C9C8F1FBE2EAE29F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:7....-...........1...7..qv4...Cv.........1...7...^._...TSQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2017 (Macintosh), datetime=2017:09:11 15:25:02], baseline, precision 8, 860x438, components 3
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):97771
                                                                                                                                                                                                      Entropy (8bit):7.534734899143192
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:tsxCsxou6JO19DwepHadmUHDPhtuz1+DwdRzhC43M8W/537LXV6CHPmi0Z:t9cO0WjhDgFY4c8W/R7V6CHeik
                                                                                                                                                                                                      MD5:72494FD28C4F1C4F5A7479B35F7B0FE3
                                                                                                                                                                                                      SHA1:D91F83925AB3C633CA49A1D0836BBF4E816F07C0
                                                                                                                                                                                                      SHA-256:B518E3AABEEF4B833E8B270B78F03620E36E34CDD174E720E043FDC4F97FAF85
                                                                                                                                                                                                      SHA-512:FD9EC7B34D9AC9FD5DDF84C45715344CDBCFF31CFE9085B84AE4FA4981938CAC687E2417FF5C4B1C9A39275615C4B08D36BA188BB0183DAB4FC5273002D2DF60
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:......Exif..MM.*.............................b...........j.(...........1.....$...r.2...........i....................'.......'.Adobe Photoshop CC 2017 (Macintosh).2017:09:11 15:25:02............................\...........................................&.............(.....................6...................H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................Q...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.U..]:.=;r...6:...\.H..<.)*..:g....g.I/.3.....n3..$...........S...?.........k8...>..i....H.K....m......32...........l...T.4,.s....0....tk.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):4928
                                                                                                                                                                                                      Entropy (8bit):3.5876822132154342
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:YYn6dub41OGeJxUttttttmnvUccncoybQmmFnsWybQm+:YY6AYOZPlsmm4sm+
                                                                                                                                                                                                      MD5:1AE99C6B271D356E5665411F52E22D93
                                                                                                                                                                                                      SHA1:39AB7BD1FEF7CAFF7BA6F1DCA5C77426E487D41E
                                                                                                                                                                                                      SHA-256:B6AA857879A78AA5A5E31CB4DD71053C3BF596DBA85E55A6F548D739C4805D0B
                                                                                                                                                                                                      SHA-512:D885DA902E8FB476FAF3898BB1E171A28F8E12ABE8DB24A262802E2A3D710BD6776357C39608F7493F3DB6440917BDC3FC679F785E48B653BDDBF47D9F2D6B3E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:....=... .E.m.a.i.l. .p.r.o.v.e.n.i.e.n.t.e. .d.e. .u.m. .e.n.d.e.r.e...o. .e.x.t.e.r.n.o... .N...o. .c.l.i.q.u.e. .e.m. .l.i.n.k.s. .o.u. .a.b.r.a. .a.n.e.x.o.s.,. .a. .m.e.n.o.s. .q.u.e. .r.e.c.o.n.h.e...a. .o. .r.e.m.e.t.e.n.t.e. .e. .t.e.o.r. .d.a. .m.e.n.s.a.g.e.m.........I.N.C.L.U.D.E.P.I.C.T.U.R.E. .".c.i.d.:.i.m.a.g.e._.0.0.0.0.". .\.*. .M.E.R.G.E.F.O.R.M.A.T.I.N.E.T... . .....................................................................................................................................................@...B.......................................................................................................................................................................................................................................................................................................................................................................................................*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (28775), with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):20971520
                                                                                                                                                                                                      Entropy (8bit):0.16110180992641251
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:FvlFgAZhThn59nAIAuLmoCZd0R4UKVLd3B9jsk42gelSJm:6A3h59JZU1B
                                                                                                                                                                                                      MD5:956B1C37F677A36A2DCCE6AF768F2050
                                                                                                                                                                                                      SHA1:C8BD52F099B3C266293CB7A1DF927AE3E2BA4007
                                                                                                                                                                                                      SHA-256:F35E62E3B3571ADD004CD65B9862BA1F57120CB07FAA4878300C4AEA70D37D56
                                                                                                                                                                                                      SHA-512:448451D0AF405C7AB6ECCA9F82F717300278F35CAD806584DDD5AF123403DB32E2C7F9C82A0708AE1D7D8271F4653FEE4FCE83FA941566CCFFA13240F56E0A36
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/25/2024 09:49:57.488.OUTLOOK (0x1CD4).0x1CD8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-11-25T09:49:57.488Z","Contract":"Office.System.Activity","Activity.CV":"l0LEGWJ7OkKkdyonl3phNg.4.9","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...11/25/2024 09:49:57.519.OUTLOOK (0x1CD4).0x1CD8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-11-25T09:49:57.519Z","Contract":"Office.System.Activity","Activity.CV":"l0LEGWJ7OkKkdyonl3phNg.4.10","Activity.Duration":18978,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
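The dropped-file entries above are flat Key:Value blocks, and the "Entropy (8bit)" column is what separates the zero-filled 20 MiB scratch file (0.0), the Outlook form cache (4.4) and the embedded JPEG (7.5) at a glance. The following Python is an added example, not part of the Joe Sandbox report or its tooling: it parses such a listing into one record per "Process:" entry, recomputes the 8-bit Shannon entropy behind that column, and applies a few triage rules. The thresholds and the rule set are my assumptions; the embedded listing is constructed from three of the entries above with the previews omitted.

```python
"""Triage helper for a sandbox "Dropped Files" listing.

Added example, not part of the Joe Sandbox report or its tooling. It
parses the flat Key:Value blocks into one record per "Process:" entry,
recomputes the 8-bit Shannon entropy behind the "Entropy (8bit)" column,
and applies simple triage rules. The thresholds are my assumptions.
"""
import math
from collections import Counter
from typing import Dict, List

# Constructed sample: three entries copied from the report listing, previews omitted.
SAMPLE_LISTING = r"""
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):231348
Entropy (8bit):4.398073634099566
Encrypted:false
MD5:1E83031E2CB0A4EAABEF64355EE37E81
SHA-256:D1CBF0BB6D559C310D735753532A2FB3DD275113EF152F341F7B13C1A3A6DA2B
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7], baseline, precision 8, 860x438, components 3
Category:dropped
Size (bytes):97771
Entropy (8bit):7.534734899143192
Encrypted:false
MD5:72494FD28C4F1C4F5A7479B35F7B0FE3
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:modified
Size (bytes):4928
Entropy (8bit):3.5876822132154342
Encrypted:false
MD5:1AE99C6B271D356E5665411F52E22D93
Malicious:false
"""

# File types whose bytes legitimately sit near 8 bits/byte, so entropy alone is not a signal.
COMPRESSED_TYPES = ("JPEG", "PNG", "Zip", "gzip", "7-zip", "RAR")


def shannon_entropy_8bit(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_dropped_files(text: str) -> List[Dict[str, str]]:
    """Split the Key:Value listing into records; a 'Process' line starts a new one."""
    records: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        key, _, value = line.partition(":")  # first colon only; values may contain colons
        key, value = key.strip(), value.strip()
        if key == "Process":
            current = {}
            records.append(current)
        if records:
            current[key] = value
    return records


def triage(record: Dict[str, str]) -> List[str]:
    """Reasons a dropped file deserves a closer look; an empty list means routine."""
    reasons = []
    ftype = record.get("File Type", "")
    entropy = float(record.get("Entropy (8bit)", "0") or 0)
    if entropy >= 7.2 and not ftype.startswith(COMPRESSED_TYPES):  # assumed threshold
        reasons.append("high entropy in an uncompressed type: possible packed or encrypted payload")
    if record.get("Malicious", "").lower() == "true":
        reasons.append("flagged malicious by the sandbox")
    if record.get("Category") == "modified":
        reasons.append("pre-existing file modified, check what was written")
    if "executable" in ftype.lower() or "PE32" in ftype:
        reasons.append("executable written to disk by an Office process")
    return reasons


if __name__ == "__main__":
    for rec in parse_dropped_files(SAMPLE_LISTING):
        print(rec["MD5"], rec["Entropy (8bit)"], triage(rec) or "routine")
    print(shannon_entropy_8bit(b"\x00" * 4096), shannon_entropy_8bit(bytes(range(256))))
```

Run against the full listing, the only entry the rules raise here is the "modified" 4928-byte file, which is the rendered message body carrying the external-sender banner and the cid: image reference; the JPEG's 7.53 is what a baseline-compressed image should score, and the all-zero 20 MiB file scores 0.0 because a single byte value has no information content.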
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):20971520
                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                                                                      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                                                                      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                                                                      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):94208
                                                                                                                                                                                                      Entropy (8bit):4.458724773518685
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:gDbHcQdo0yW18Fgk3tW4Zr9cISSLJP0tWsWKWwWRXqOpbR:HJW194Zr9cILXq0
                                                                                                                                                                                                      MD5:201E0565492255426034CA9B78BDC9BD
                                                                                                                                                                                                      SHA1:829683E3BB51375EDA97FF57A108619330D46213
                                                                                                                                                                                                      SHA-256:96BCD38799F69E5B75BC3B20C6F92A4C5B68375EB41DEACB3C17036978DFEBAF
                                                                                                                                                                                                      SHA-512:8D0EED5BEAAC64D0493920F5029BE0AD5EB75C441B610B5953F24378073D61450E2A985A268673ACDF51B9AAD71106EFD91EE68155B20A41F5D0A9BBE599487F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:............................................................................d.............b.?..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................Z.............b.?..........v.2._.O.U.T.L.O.O.K.:.1.c.d.4.:.6.0.e.0.d.9.4.5.8.9.2.7.4.a.0.7.a.3.6.c.e.0.8.b.c.e.2.5.5.d.b.3...C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.2.5.T.0.4.4.9.5.6.0.9.7.2.-.7.3.8.0...e.t.l...........P.P...........b.?..................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):163840
                                                                                                                                                                                                      Entropy (8bit):0.37052137950221253
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:/tbIlmKNpft3IC1g3MovMKVyiiQ0r/ODU3zLEe5VKt82NgiXHWQOoSNh/:VElNpov/dNUjwqK+ZiXHOo
                                                                                                                                                                                                      MD5:4E19678F95EA04891A45AE594F599E80
                                                                                                                                                                                                      SHA1:68B3988D275F4457168EC1B1661F595EBD0C8566
                                                                                                                                                                                                      SHA-256:964EC4D5483892F764E5244BEC9203000B452DA95AF0BF982F602F527EEC8C18
                                                                                                                                                                                                      SHA-512:D0C70CC259DA06319E2681014CDD822C714FD56C89DC2590DE16173109EAB0E0A4F948DA62F161C271B637C520B1657E82142097C6E67478CFE2474BB60E4F12
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):30
                                                                                                                                                                                                      Entropy (8bit):1.2389205950315936
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Snrt:S
                                                                                                                                                                                                      MD5:8D880A20E3F7BB144F887CB0E659D5D4
                                                                                                                                                                                                      SHA1:233A95980E4FE48B6D351F55EDB8949757A15426
                                                                                                                                                                                                      SHA-256:BABC31AE696242C329080F39FEA7035D05C7D51367F1F760A49AF955BCC1B8BF
                                                                                                                                                                                                      SHA-512:E2FFE05FD714DCA56972C2AD44A648ECFCF9A538C2115231E49172A0B849630FCB2A319E1110AE60E48CFCC47FCC978D68C03DEFE31FE51B0D774FBBD2855697
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:....e.........................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:Microsoft Outlook email folder (>=2003)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):271360
                                                                                                                                                                                                      Entropy (8bit):1.3047989511502665
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:DLQckwyIelpCZO6N3ASGtfSURNrzMSjxbDaGYi3XBfG58BUTIZ:IwybfCZl3UfSUhMSVZBfG5eNZ
                                                                                                                                                                                                      MD5:5A5DF27613C296A6293B52476652D566
                                                                                                                                                                                                      SHA1:60EBC453C8E9B423D9150AF82F5F56D6FE29CE05
                                                                                                                                                                                                      SHA-256:925B31E9272B61537EF408F3750AB551BF38F63808F8C803885A6F71EC53663F
                                                                                                                                                                                                      SHA-512:D4BCAC84A175CC313C6837D97A68DCC884DD63138B675CECD81C4A01E3C3F29EC7CD0590167391B9F69F7BCA56659F7B5320CDB268341316F4D8FB44306D3C8B
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Preview:!BDN.t..SM......\....s..........7.......U................@...........@...@...................................@...........................................................................$.......D.......L..............5........|......2........v...........................................................................................................................................................................................................................................................................................K..".......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):131072
                                                                                                                                                                                                      Entropy (8bit):0.8471409091117077
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:KaCFPeyLNDEZd8kGcUlIZAc/VgE2ZRzTwqJgwsN4X0P:E13P
                                                                                                                                                                                                      MD5:394D4595077B5DDAB5211E1EDBE5469A
                                                                                                                                                                                                      SHA1:FD09A0961C01484E2530F6DC61C01D272CCF3F6C
                                                                                                                                                                                                      SHA-256:EDB527DB8A8A13AB0619F039EEC0F155C1B791A52437A072D71673D9D191E730
                                                                                                                                                                                                      SHA-512:7137488B791D4E6CA06F35F04761918E144DACC3F880F7B011B84F67787164365957DFC45A651AF2F5D8B929A12F7B5584CA5DFF0023F0E8A28E3A49C105E615
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Preview:...C...\.............+a.?....................#.!BDN.t..SM......\....s..........7.......U................@...........@...@...................................@...........................................................................$.......D.......L..............5........|......2........v...........................................................................................................................................................................................................................................................................................K..".....+a.?.......z............#..................................................................................................................."..................................................................................................."......................."......-............................................................./.......(......................B.......(..............."......M.......
                                                                                                                                                                                                      File type:CDFV2 Microsoft Outlook Message
                                                                                                                                                                                                      Entropy (8bit):6.009664550569877
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Outlook Message (71009/1) 58.92%
                                                                                                                                                                                                      • Outlook Form Template (41509/1) 34.44%
                                                                                                                                                                                                      • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                                                                                                                                                                                      File name:A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg
                                                                                                                                                                                                      File size:243'712 bytes
                                                                                                                                                                                                      MD5:c248b5eb3c62d1615eb80b508d7dcba4
                                                                                                                                                                                                      SHA1:65eb4d991d8bc410106f4ecd07a9eb2fb9369726
                                                                                                                                                                                                      SHA256:b6ca07d38a1347fbb075f6526186a73bbf72c0f09d472d2dc4e6918307e16705
                                                                                                                                                                                                      SHA512:6702ba6c99ba0fdf5cb333a7f7c365e411dfa024db80c5229096a0f289c75c09a27b1c7d07a635dce591f2b8ff444e23bd177b210584c69f937854dba00cb1fd
                                                                                                                                                                                                      SSDEEP:3072:ssvpwl7iNG7vMWwxn8STE4JsIEU+gs9cO0WjhDgFY4c8W/R7V6CHeiL1:DvpwhOc0WwPsZZjl6CHl
                                                                                                                                                                                                      TLSH:3F34C62129F52609F3739A314BD165AF412DBC5B6E24564E309DA70F3333C85A8AFB27
                                                                                                                                                                                                      File Content Preview:........................>..................................."...................Z..............................................................................................................................................................................
Subject:A minha Via Verde Atualização de Adesão Adesão 3412605 (English: "My Via Verde Membership Update Membership 3412605")
From:<noreply@viaverde.pt>
To:"ag.meadela@novobanco.pt" <ag.meadela@novobanco.pt>
Cc:
BCC:
Date:Sun, 24 Nov 2024 10:42:39 +0100
Communications:
• (translated from Portuguese; link targets kept exactly as captured) Email from an external address. Do not click links or open attachments unless you recognise the sender and the content of the message. Dear Sir/Madam, Keep your details up to date! Help us get to know you better so we can serve you better. Access to some account services will be restricted until you urgently update your subscription. Your account may be permanently deactivated if the update fails. Update your subscription now <https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcgpsco.rahalat.net%2Fconta&data=05%7C02%7Cnuno.cristo%40novobanco.pt%7C2559972bb44047bf1a0b08dd0d2c3fce%7C10338048193a4298abea3596ae88b05e%7C0%7C0%7C638681206074151879%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C20000%7C%7C%7C&sdata=bF3bFwJpeyf31WM5lbvgtr6YHUjAigBucNkYkwSdqWw%3D&reserved=0> For more information, visit our website at www.viaverde.pt <https://eur05.safelinks.protection.outlook.com/?url=http%3A%2F%2F127.0.0.1%2F&data=05%7C02%7Cnuno.cristo%40novobanco.pt%7C2559972bb44047bf1a0b08dd0d2c3fce%7C10338048193a4298abea3596ae88b05e%7C0%7C0%7C638681206074171093%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C20000%7C%7C%7C&sdata=W7ShwVSWNQ%2FcbURtmfYr4yAjNxWu%2BTvqfaHs8%2Fu2vRU%3D&reserved=0> or contact our Customer Support line on 210 730 300 (working days from 08:30 to 20:30. Call to the national landline network). Best regards, Via Verde 2024 Via Verde. All rights reserved.
                                                                                                                                                                                                      Attachments:
                                                                                                                                                                                                      • viaverde-1.jpg
Key: Value
Received: from [172.187.161.90] (port=62159 helo=dffdf)
08:36:47 +0000
by DU0P189MB1842.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:342::10) with
2024 08:36:05 +0000
(2603:10a6:205:2::48) with Microsoft SMTP Server (version=TLS1_2,
Transport; Mon, 25 Nov 2024 08:36:05 +0000
Authentication-Results: spf=fail (sender IP is 194.65.36.57)
Received-SPF: Fail (protection.outlook.com: domain of viaverde.pt does not
15.20.8182.16 via Frontend Transport; Mon, 25 Nov 2024 08:36:25 +0000
15.1.2507.39; Mon, 25 Nov 2024 08:36:05 +0000
ag.meadela@novobanco.pt; Mon, 25 Nov 2024 08:36:00 +0000 (GMT)
<ag.meadela@novobanco.pt>; Mon, 25 Nov 2024 08:35:05 +0000 (WET)
24 Nov 2024 09:41:48 +0000 (WET)
DMARC-Filter: OpenDMARC Filter v1.3.1 mail1.novobanco.pt 4Xx3l00N5xzThcs
Authentication-Results-Original: mail1.novobanco.pt; spf=fail
DKIM-Filter: OpenDKIM Filter v2.10.3 mail1.novobanco.pt 4Xx3l00N5xzThcs
24 Nov 2024 03:42:40 -0600
From: <noreply@viaverde.pt>
To: "ag.meadela@novobanco.pt" <ag.meadela@novobanco.pt>
Date: Sun, 24 Nov 2024 09:42:39 +0000
Subject: =?utf-8?Q?A=20minha=20Via=20Verde=20=E2=80=93=20Atual?=
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative";
Message-ID: <DFFDFf8b3c22ca14348e1b419695827b6c66e@dffdf>
X-AntiAbuse: Sender Address Domain - viaverde.pt
X-Get-Message-Sender-Via: server-607562.usqprop.com: authenticated_id:
X-Authenticated-Sender: server-607562.usqprop.com: afollowup@usqprop.com
X-Source: X-Source-Args:
X-Source-Dir: Return-Path: noreply@viaverde.pt
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OrganizationHeadersPreserved: SW000679.besp.dsp.gbes
X-MS-Exchange-Organization-ExpirationStartTime: 25 Nov 2024 08:36:25.6672
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: 2559972b-b440-47bf-1a0b-08dd0d2c3fce
X-EOPAttributedMessage: 0
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-SkipListedInternetSender: ip=[162.241.241.190];domain=server-607562.usqprop.com
X-CrossPremisesHeadersPromoted: AM4PEPF00027A6A.eurprd04.prod.outlook.com
X-CrossPremisesHeadersFiltered: AM4PEPF00027A6A.eurprd04.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM4PEPF00027A6A:EE_|DU0P189MB1842:EE_|AM7P189MB0836:EE_
X-MS-Exchange-Organization-AuthSource: SW000676.besp.dsp.gbes
X-MS-Exchange-Organization-AuthAs: Anonymous
X-OriginatorOrg: bdso.onmicrosoft.com
X-MS-Office365-Filtering-Correlation-Id: 2559972b-b440-47bf-1a0b-08dd0d2c3fce
X-MS-Exchange-AtpMessageProperties: SL
X-MS-Exchange-Organization-SCL: -1
X-Microsoft-Antispam: BCL:0;ARA:13230040|5062899012|12012899012|82310400026|4073399012|2092899012|3072899012|8096899003|4076899003|6220700005;
X-Forefront-Antispam-Report: CIP:194.65.36.57;CTRY:PT;LANG:pt;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:autodiscover.novobanco.pt;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(5062899012)(12012899012)(82310400026)(4073399012)(2092899012)(3072899012)(8096899003)(4076899003)(6220700005);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Nov 2024 08:36:25.4953
X-MS-Exchange-CrossTenant-Network-Message-Id: 2559972b-b440-47bf-1a0b-08dd0d2c3fce
X-MS-Exchange-CrossTenant-Id: 10338048-193a-4298-abea-3596ae88b05e
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=10338048-193a-4298-abea-3596ae88b05e;Ip=[194.65.36.57];Helo=[autodiscover.novobanco.pt]
X-MS-Exchange-CrossTenant-AuthSource: SW000676.besp.dsp.gbes
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0P189MB1842
X-MS-Exchange-Transport-EndToEndLatency: 00:00:21.7609329
X-MS-Exchange-Processed-By-BccFoldering: 15.20.8182.018
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?84J6b695XuBye4LCAN5soTTn6w61oDYik0GLRJw3jvFpmpAwkDDKYImFrjYA?=
date: Sun, 24 Nov 2024 10:42:39 +0100

Icon Hash: c4e1928eacb280a2
No network behavior found

Target ID: 0
Start time: 04:49:54
Start date: 25/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\A minha Via Verde Atualiza#U00e7#U00e3o de Ades#U00e3o Ades#U00e3o 3412605.msg"
Imagebase: 0x60000
File size: 34'446'744 bytes
MD5 hash: 91A5292942864110ED734005B7E005C0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

Target ID: 2
Start time: 04:50:02
Start date: 25/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C89724F0-86F6-4223-B8B4-E7A66DED5502" "53F42CB1-436A-4128-B83E-E2B0C40E026D" "7380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase: 0x7ff66e990000
File size: 710'048 bytes
MD5 hash: EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

No disassembly