
Windows Analysis Report
FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg

Overview

General Information

Sample name:FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg
Analysis ID:1562499
MD5:7186e4d931b9a960f15cc69ff2eaf628
SHA1:a57c2f372933c34d77cb52cb1c0f476ebb58c973
SHA256:0d8bbfc4ec87782b0d67cabcf9a9b31a189cf7768c6e512714ccdba10bd95a20
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7312 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7712 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "93A4EEFE-DF19-4C69-8AAB-B1B54C1241CA" "EFE18815-4812-48F6-903B-355D2E310B23" "7312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7312, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://substrate.office.com
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://syncservice.o365syncservice.com/"
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg, ~WRS{79D3CCB3-4F8A-4FC2-AE0B-D378A176F094}.tmp.0.drString found in binary or memory: https://url.us.m.mimecastprotect.com/s/nlFaCM8XJrFnjO2skhVH81eHU?domain=bizcreditservices.sharepoint
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://webshell.suite.office.com
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://wus2.contentsync.
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drString found in binary or memory: https://www.yammer.com
Source: classification engineClassification label: clean1.winMSG@3/21@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241125T1032160134-7312.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "93A4EEFE-DF19-4C69-8AAB-B1B54C1241CA" "EFE18815-4812-48F6-903B-355D2E310B23" "7312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX (75 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (2 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (techniques listed per tactic; numbers in parentheses are the counts the report attaches to a technique):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Modify Registry (1); Process Injection (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Process Discovery (1); System Information Discovery (13); Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1562499; Sample: FW EXTERNAL Payment Status ...; Startdate: 25/11/2024; Architecture: WINDOWS; Score: 1): OUTLOOK.EXE (97 150) started ai.exe

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://login.windows.localnulle.OD | 0% | Avira URL Cloud | safe |
https://login.windows.localmojR | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
windowsupdatebg.s.llnwi.net | 178.79.238.0 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://api.diagnosticssdf.office.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://login.microsoftonline.com/ | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://shell.suite.office.com:1443 | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://designerapp.azurewebsites.net | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://autodiscover-s.outlook.com/ | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://useraudit.o365auditrealtimeingestion.manage.office.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://outlook.office365.com/connectors | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://cdn.entity. | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://api.addins.omex.office.net/appinfo/query | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://clients.config.office.net/user/v1.0/tenantassociationkey | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://login.windows.localnull | OUTLOOK_16_0_16827_20130-20241125T1032160134-7312.etl.0.dr | false | | high
https://powerlift.acompli.net | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://rpsticket.partnerservices.getmicrosoftkey.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://lookup.onenote.com/lookup/geolocation/v1 | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://cortana.ai | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://api.powerbi.com/v1.0/myorg/imports | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://login.windows.localnulle.OD | OUTLOOK_16_0_16827_20130-20241125T1032160134-7312.etl.0.dr | false | Avira URL Cloud: safe | unknown
https://notification.m365.svc.cloud.microsoft/ | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://cloudfiles.onenote.com/upload.aspx | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://entitlement.diagnosticssdf.office.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://api.aadrm.com/ | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://ofcrecsvcapi-int.azurewebsites.net/ | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://canary.designerapp. | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://ic3.teams.office.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://www.yammer.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://api.microsoftstream.com/api/ | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://cr.office.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://messagebroker.mobile.m365.svc.cloud.microsoft | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://otelrules.svc.static.microsoft | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://portal.office.com/account/?ref=ClientMeControl | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://clients.config.office.net/c2r/v1.0/DeltaAdvisory | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://edge.skype.com/registrar/prod | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://graph.ppe.windows.net | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://res.getmicrosoftkey.com/api/redemptionevents | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://powerlift-frontdesk.acompli.net | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://officeci.azurewebsites.net/api/ | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://sr.outlook.office.net/ws/speech/recognize/assistant/work | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://api.scheduler. | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://my.microsoftpersonalcontent.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://store.office.cn/addinstemplate | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://api.aadrm.com | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
https://edge.skype.com/rps | EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr | false | | high
                                                                                                        https://outlook.office.com/autosuggest/api/v1/init?cvid=EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                          high
                                                                                                          https://globaldisco.crm.dynamics.comEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                            high
                                                                                                            https://messaging.engagement.office.com/EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                              high
                                                                                                              https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                high
                                                                                                                https://dev0-api.acompli.net/autodetectEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                  high
                                                                                                                  https://www.odwebp.svc.msEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                    high
                                                                                                                    https://api.diagnosticssdf.office.com/v2/feedbackEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                      high
                                                                                                                      https://api.powerbi.com/v1.0/myorg/groupsEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                        high
                                                                                                                        https://web.microsoftstream.com/video/EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                          high
                                                                                                                          https://api.addins.store.officeppe.com/addinstemplateEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                            high
                                                                                                                            https://login.windows.localmojROUTLOOK_16_0_16827_20130-20241125T1032160134-7312.etl.0.drfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://graph.windows.netEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                              high
                                                                                                                              https://dataservice.o365filtering.com/EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                high
                                                                                                                                https://officesetup.getmicrosoftkey.comEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://analysis.windows.net/powerbi/apiEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://prod-global-autodetect.acompli.net/autodetectEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://substrate.office.comEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://outlook.office365.com/autodiscover/autodiscover.jsonEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://consent.config.office.com/consentcheckin/v1.0/consentsEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://notification.m365.svc.cloud.microsoft/PushNotifications.RegisterEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://d.docs.live.netEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://safelinks.protection.outlook.com/api/GetPolicyEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://ncus.contentsync.EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://syncservice.o365syncservice.com/"EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://weather.service.msn.com/data.aspxEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://apis.live.net/v5.0/EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://officepyservice.office.net/service.functionalityEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://templatesmetadata.office.net/EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://messaging.lifecycle.office.com/EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://planner.cloud.microsoftEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://mss.office.comEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://pushchannel.1drv.msEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://management.azure.comEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://outlook.office365.comEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://login.windows.netApp1732548736568439200_FC7FAF40-2B5F-4BDB-A8F4-F5C674377A20.log.0.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://wus2.contentsync.EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://incidents.diagnostics.office.comEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://clients.config.office.net/user/v1.0/iosEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://make.powerautomate.comEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://api.addins.omex.office.net/api/addins/searchEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://insertmedia.bing.office.net/odc/insertmediaEAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.drfalse
                                                                                                                                                                                                          high
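Almost every row in the table above is a first-party Microsoft service endpoint pulled as a string from one dropped file (EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr), which is the normal background of an Outlook launch. The rows worth an analyst's attention are the ones that break that pattern: a host that matches no Microsoft suffix (the login.windows.local string from the Outlook ETL trace, reputation "unknown"), strings cut off mid-host ("https://api.scheduler."), and the single cleartext HTTP endpoint. The following is an added example and not part of the Joe Sandbox report: a triage filter that takes rows in the table's column order (URL, source, malicious flag, reputation) and returns only those needing review. The suffix allowlist is an analyst-maintained assumption, not a vendor-published list, and the sample rows are a constructed subset of the table.

```python
"""Triage the 'URLs found in dropped files' table of a sandbox report.

Added example, not part of the Joe Sandbox report. SAMPLE_ROWS is a constructed
subset of the table above; EXPECTED_SUFFIXES is an assumption for this example.
"""
from urllib.parse import urlsplit

# Domain suffixes an Outlook/Office launch is expected to reference (assumption).
EXPECTED_SUFFIXES = (
    "microsoft.com", "cloud.microsoft", "static.microsoft", "office.com",
    "office.net", "office365.com", "officeppe.com", "office.cn", "outlook.com",
    "live.com", "live.net", "1drv.ms", "windows.net", "azure.com",
    "azurewebsites.net", "acompli.net", "skype.com", "onenote.com", "lync.com",
    "msn.com", "dynamics.com", "powerbi.com", "powerautomate.com",
    "getmicrosoftkey.com", "aadrm.com", "o365filtering.com",
    "o365syncservice.com", "microsoftstream.com", "microsoftpersonalcontent.com",
    "uservoice.com", "svc.ms",
)

DROPPED_FILE = "EAEC941A-E3BC-427D-BCA1-20DBF11F5E63.0.dr"

# Constructed sample rows: (url, source, malicious, reputation)
SAMPLE_ROWS = [
    ("https://outlook.office365.com/autodiscover/autodiscover.json", DROPPED_FILE, False, "high"),
    ("https://api.scheduler.", DROPPED_FILE, False, "high"),
    ('https://syncservice.o365syncservice.com/"', DROPPED_FILE, False, "high"),
    ("http://weather.service.msn.com/data.aspx", DROPPED_FILE, False, "high"),
    ("https://login.windows.localmojR",
     "OUTLOOK_16_0_16827_20130-20241125T1032160134-7312.etl.0.dr", False, "unknown"),
    ("https://login.windows.net",
     "App1732548736568439200_FC7FAF40-2B5F-4BDB-A8F4-F5C674377A20.log.0.dr", False, "high"),
]


def host_of(url):
    """Lower-cased host of a URL string exactly as the sandbox extracted it.

    Bytes that string extraction fused onto a URL (a quote, a trailing '.',
    binary junk) stay in the host or path; urlsplit does not repair them, so
    callers still have to check for a truncated (trailing-dot) host.
    """
    try:
        return urlsplit(url.strip()).hostname
    except ValueError:
        return None


def is_expected(host):
    """True when host equals, or is a subdomain of, an expected suffix."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)


def triage(rows):
    """Return {url: [reasons]} for every row an analyst should look at.

    Rows with no reasons (HTTPS, complete host, expected suffix, not flagged,
    reputation 'high') are treated as Office background noise and omitted.
    """
    findings = {}
    for url, _source, malicious, reputation in rows:
        reasons = []
        host = host_of(url)
        if not host:
            reasons.append("no-host")
        elif host.endswith("."):
            # Cut off mid-label; cannot be classified against the suffix list.
            reasons.append("truncated-url")
        elif not is_expected(host):
            reasons.append("unexpected-host")
        if url.lower().startswith("http://"):
            reasons.append("cleartext-http")
        if malicious:
            reasons.append("malicious-flag")
        if reputation != "high":
            reasons.append(f"reputation:{reputation}")
        if reasons:
            findings[url] = reasons
    return findings


if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_ROWS).items():
        print(f"{url:60s} {', '.join(reasons)}")
```

On this report the filter leaves three rows: the truncated scheduler string, the cleartext weather endpoint, and the login.windows.local string. The last one is the only host outside the allowlist, but it came from an ETL trace file rather than from traffic, and the report records no contacted IPs, so it is a string artifact to note, not a connection to investigate.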
No contacted IP infos

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1562499
Start date and time:2024-11-25 16:31:01 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 43s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg
Detection:CLEAN
Classification:clean1.winMSG@3/21@0/0
EGA Information:Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .msg
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.109.89.18, 23.32.238.27, 23.32.238.40, 52.113.194.132, 52.109.89.19, 52.111.252.18, 52.111.252.15, 52.111.252.17, 52.111.252.16, 178.79.238.0, 104.208.16.92
• Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, weu-azsc-000.roaming.officeapps.live.com, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, onedscolprdcus23.centralus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, prod-all.naturallanguageeditorservice.osi.office.net.akadns.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod-inc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, s-0005.s-msedge
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg

No simulations

No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
windowsupdatebg.s.llnwi.net | http://esaleerugs.com | malicious | Unknown | 178.79.238.0
windowsupdatebg.s.llnwi.net | KAHILINGAN NG BADYET 25-11-2024#U00b7pdf.vbs | malicious | Remcos, GuLoader | 178.79.238.128
windowsupdatebg.s.llnwi.net | file.exe | malicious | LummaC Stealer | 178.79.238.0
windowsupdatebg.s.llnwi.net | 0Nj1sxmCtr.exe | malicious | Binder HackTool, Quasar | 178.79.238.128
windowsupdatebg.s.llnwi.net | registration.msi | malicious | AteraAgent | 178.79.238.128
windowsupdatebg.s.llnwi.net | Digital.msi | malicious | AteraAgent | 178.79.238.0
windowsupdatebg.s.llnwi.net | file_66efd0132ceed.msi | malicious | AteraAgent | 178.79.238.0
windowsupdatebg.s.llnwi.net | Guidelines_for_Citizen_Safety.msi | malicious | AteraAgent | 178.79.238.0
windowsupdatebg.s.llnwi.net | e0#U05ea.msi | malicious | AteraAgent | 178.79.238.0
windowsupdatebg.s.llnwi.net | ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi | malicious | AteraAgent | 178.79.238.0
bg.microsoft.map.fastly.net | Disputes.accdb | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | ZwmyzMxFKL.exe | malicious | BlackMoon | 199.232.210.172
bg.microsoft.map.fastly.net | PVJ6cLZQ0T.xls | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | Pe4905VGl1.bat | malicious | AsyncRAT | 199.232.214.172
bg.microsoft.map.fastly.net | New Purchase Order Document for PO1136908 000 SE.exe | malicious | AgentTesla | 199.232.210.172
bg.microsoft.map.fastly.net | WNIOSEK BUD#U017bETOWY 25-11-2024#U00b7pdf.vbs | malicious | Remcos, GuLoader | 199.232.214.172
bg.microsoft.map.fastly.net | dekont 25.11.2024 PDF.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 199.232.210.172
bg.microsoft.map.fastly.net | Vendor Agreement Ready for Your Signature November 22 2024 at 084923 PM.msg | malicious | HTMLPhisher | 199.232.214.172
bg.microsoft.map.fastly.net | denizbank 25.11.2024 E80 aspc.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 199.232.214.172
bg.microsoft.map.fastly.net | http://propdfhub.com | malicious | Unknown | 199.232.210.172
No context
No context
No context
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):231348
Entropy (8bit):4.390937827421324
Encrypted:false
SSDEEP:1536:sbYLBsgsCSyTVSVIBgsPfNcAz79ysQqt2UrMnqoQfIrcm0FvzKnyNOeWm0XJHP5c:5ig3wggImiGu2rqoQArt0FvXp4NVP0xl
MD5:9742611EF1E2CE5B8A017B58A886B775
SHA1:A21245C25057639BB622ECA1EC835B0B359FC819
SHA-256:9B1B1669958A4093FFFB1EB81C42B3DAF10504798BA5E6D7831A2FDC86D030A4
SHA-512:66BCABD2FB63A21F1E59027A5D42B62AEF92F40DA03155DB9077462E8499C27BE4987004F16F58DDEDD7A91CCFB85B18BB38343588DE4AFC883810D815DB3473
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (65536), with no line terminators
Category:dropped
Size (bytes):322260
Entropy (8bit):4.000299760592446
Encrypted:false
SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
MD5:CC90D669144261B198DEAD45AA266572
SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
Malicious:false
Reputation:high, very likely benign file
Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):10
Entropy (8bit):2.6464393446710157
Encrypted:false
SSDEEP:3:LJS3:VS3
MD5:6A6CD52AEC07827A75B3C60B36DC663D
SHA1:83272006DFA496DD0D404175CF86F34B4BD3C2F2
SHA-256:937AF5E0F5E17ACC9CF51F159AB1DB58CFB9B3EC6BFB25CF95E23E0097678D0D
SHA-512:D7384D74C1922AF7628EBEE13724866AF58DBFDD918F387B94B553B7A8B1224B25F4B7387CF81AFDDD5F665653521B048CA871CB8E176F385E656EA239EF1F54
Malicious:false
Reputation:low
Preview:1732548744
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):181859
Entropy (8bit):5.295299474635545
Encrypted:false
SSDEEP:1536:1i2XfRAqSbH4wglE6Le7HW8Qjj/o/NMOcAZl1p5ihs7EXXNEADpOBIa5YdGVF8St:dde7HW8Qjj/o/aXSbTx
MD5:CB1C72198FB0A3461542E8BA689A24CD
SHA1:076ED51A1BA54819075C195DD23EB79DE1AB2115
SHA-256:9F12EB08FE87344F9A31C4CFF899BF0B3B811683C0C09BBBF6798C7C6E818B1E
SHA-512:A532777773BF64BB72D77570A0DC8E1B569489C98EEF410E4276D0C1E6B6A3E7225079E2FF7BFE144837297E8BFABFEC3CE45643A71A48A6736127F0332BD413
Malicious:false
Reputation:low
Preview:
<?xml version="1.0" encoding="utf-8"?>
<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">
 <o:services o:GenerationTime="2024-11-25T15:32:20">
 Build: 16.0.18312.40138-->
 <o:default>
 <o:ticket o:headerName="Authorization" o:headerValue="{}" />
 </o:default>
 <o:service o:name="Research">
 <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>
 </o:service>
 <o:service o:name="ORedir">
 <o:url>https://o15.officeredir.microsoft.com/r</o:url>
 </o:service>
 <o:service o:name="ORedirSSL">
 <o:url>https://o15.officeredir.microsoft.com/r</o:url>
 </o:service>
 <o:service o:name="ClViewClientHelpId" o:authentication="1">
 <o:url>https://[MAX.BaseHost]/client/results</o:url>
 <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />
 <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
Category:dropped
Size (bytes):4096
Entropy (8bit):0.09216609452072291
Encrypted:false
SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
MD5:F138A66469C10D5761C6CBB36F2163C3
SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
Malicious:false
Reputation:high, very likely benign file
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4616
                                                                                                                                                                                                          Entropy (8bit):0.13760166725504608
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:7FEG2l+uVutsH/FllkpMRgSWbNFl/sl+ltlslVlllfllg6:7+/lRV6Sg9bNFlEs1EP/P
                                                                                                                                                                                                          MD5:2709879E969E046EDE85873C9A89204A
                                                                                                                                                                                                          SHA1:293ABAB9D2FCE6D109E9831DF70EDD10B9F20FDA
                                                                                                                                                                                                          SHA-256:75964924F1ECBC7E0BA7750E24C8A14E0C3BFF258A43037CCC6D6478ECAB2044
                                                                                                                                                                                                          SHA-512:6E511C0A5037EEB41D8522B32AE5945C7308447A40AED541AF3A360424904E23B8FCE0A5ACB3C2EDCD2AA9037851AE6B46D6C49D446C9ED4C8FECD894A340E0A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:.... .c......p......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):0.0445382698033491
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:G4l2uUmS9SlIllCl2uUmS9S/lElL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2qS9SS/Cl2qS9SaL9XXPH4l942U
                                                                                                                                                                                                          MD5:7985739CC2D9BDB357D903B2E289938F
                                                                                                                                                                                                          SHA1:2A8F94687B76E258659B098E793211D1B75AD9A7
                                                                                                                                                                                                          SHA-256:4BD675FFA1144E43640980121E493FD08BF7D4A8974216939F09EB840C9379A9
                                                                                                                                                                                                          SHA-512:8CDD29443496BDBC7B4EBFFC65C9EE8ACB43E86D77EE4BAF70789DDBA57A53D5FABD34871D0C50D88B7698DD7B202280AC64FB4AB4BB76496958826F8093937F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..-.......................!S7.....f.(pv.w.....u..-.......................!S7.....f.(pv.w.....u........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45352
                                                                                                                                                                                                          Entropy (8bit):0.3932975322443308
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:xEhGQ1KD9UUll7DYMKDmTzO8VFDYMKDpg:Gsll4yjVG
                                                                                                                                                                                                          MD5:7A777871072672584EDE216C203A052D
                                                                                                                                                                                                          SHA1:C148622005D7BD407446BC42D963E8EC3683A239
                                                                                                                                                                                                          SHA-256:0B8B5BDF966B26CECD893C757AF68D825A5925FA86925CF15507D0F28F98B664
                                                                                                                                                                                                          SHA-512:328AE157B7D00D78C2A06DFEB3ED724C0CB1FA3368301916C598DBB3BE0A5C5341324567647A297111100ADEBBE3F80E61ECBA3036032BD1EA1A1439ED651BBD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:7....-............f.(pv.M..G.A...........f.(pv...$a.6..SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2278
                                                                                                                                                                                                          Entropy (8bit):3.859553847669366
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:uiTrlKxsxxKxl9Il8uHnU+RuwkaWDcs0E9cz41aO+ad1rc:vuYhU+RurDx0EN1aO+Z
                                                                                                                                                                                                          MD5:0AA502D9FAFA155F25F2368D3CBE212C
                                                                                                                                                                                                          SHA1:041808DC52C934012D3E4D0CF796A9B58977FD92
                                                                                                                                                                                                          SHA-256:E888F8C53B163D33D2CBF35C2219F73BEF99195A32502358F3820B01CC1DF33C
                                                                                                                                                                                                          SHA-512:8B52EA9B4A01D632D142F5D9007D5F901DFB32D021912DFB245407C8768CEC921C4A2C640ECBFD2D49B83AA6F73B229EFC368EE04D6434A2389FDC27FE3BED39
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.E.X.W.m.l.c./.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.v.L.p.C.z.j.
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2684
                                                                                                                                                                                                          Entropy (8bit):3.906620664861697
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:uiTrlKxJxncxl9Il8uHnzgX86S2PKgtSKIUN0qauxwJdlV9ciSd/vc:KQYhzQc5UN0v5JdlvZv
                                                                                                                                                                                                          MD5:F10FB301337FCE21629283B7A6356B57
                                                                                                                                                                                                          SHA1:838EFD2B99A779D292B1808387771502FF8D6850
                                                                                                                                                                                                          SHA-256:9D4A88340AD1C26D68165D1754F36BB4A35C3F861FC7A07A37C0E01E4A54389A
                                                                                                                                                                                                          SHA-512:BADEB4C114BAFC20E78C326EFDB7953D71A0BA201FC1BE61B930C6F0745BA78C673DEB2D5DE15F483C52381A2EA7A78672CC61BF527BF02F733B66BA2AA5BF75
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".P.W.t.k.s.i.B.e.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.v.L.p.C.z.j.
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4542
                                                                                                                                                                                                          Entropy (8bit):3.995135610464541
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:zoYhSZzXcjl77z9yYMnoC4UBlHQEddPpMmcyQD:cXZwjlHz9soC1lHz/PCmiD
                                                                                                                                                                                                          MD5:E25E91BB5D2F5A2B42B0AEF2190BB432
                                                                                                                                                                                                          SHA1:82A1E56A5B5820FBF521D5C86AB70E7DF611B472
                                                                                                                                                                                                          SHA-256:2F1A370B4443AAC9B456387CDA1BE0647A28A29145BD48264B34107BDED0F4A1
                                                                                                                                                                                                          SHA-512:B53198CDEB9DD3B3C3889B094E7E24BCF39F7168B06DF2D1727DE5BED7209079622F88483D7137A524C371E380A432C6E21463A908D262138B49BA8815622E48
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.u.7.3.g.E.8./.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.v.L.p.C.z.j.
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):27608
                                                                                                                                                                                                          Entropy (8bit):3.5030595155313717
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:+FkY1df28IQ4tvQ2MU1yIQ408V2hgA2kOolo33tNhP5IQ4CLIQ4ooIwtN5Lw8qAp:y1Nkv1Polo33tvOYhDS+Fw
                                                                                                                                                                                                          MD5:770C42D4C4CFE211B4676D9C490EF3CA
                                                                                                                                                                                                          SHA1:AF7A0AC27F1B79437DD510BBD2C6F5C1A7EA7067
                                                                                                                                                                                                          SHA-256:CCF9D4C8697DE498AA37DF04B889517210D15D9D2948D63460BB17383D059283
                                                                                                                                                                                                          SHA-512:6C5D32936BF959C5E1B5E68E271837EAA288FA02681EDECD93EC3B86FE5D556A77FF73C40739517731F5C069F11F79105EDFB7530BF02B7A467A16A39E179ABB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:........C.h.a.r.i.s. .C.a.s.e.y. .H.a.m.p.t.o.n...A.c.c.o.u.n.t.s. .P.a.y.a.b.l.e...3.3.4.-.3.8.6.-.5.4.1.3.......F.r.o.m.:. .A.n.d.r.e.a. .A.l.b.r.i.g.h.t. .<.a.a.l.b.r.i.g.h.t.@.a.x.i.m.i.n.c...c.o.m.>. ...S.e.n.t.:. .W.e.d.n.e.s.d.a.y.,. .N.o.v.e.m.b.e.r. .2.0.,. .2.0.2.4. .4.:.4.2. .P.M...T.o.:. .H.E.T. .A.c.c.o.u.n.t.s. .P.a.y.a.b.l.e. .<.a.p.@.h.a.r.t.z.e.l.l...a.e.r.o.>...S.u.b.j.e.c.t.:. .....................................................................................................................................2...T...n...p...r...................L...N...d...f...Z...\...^...2...4...6...`!...&...&...'.....................................................................................................................................................................................................................................................................................................................................................................................-D..M
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.009294272626255567
Encrypted:false
SSDEEP:192:EqwSksChKT5LChkjSzyssY48POp4HfoKxmOdfDqgmchlB:Eq9pT5LukjSzys48POpufoemKfDqklB
MD5:C432AA4B9E42D947249662528A30EC0F
SHA1:DF9894B4BA46C2D01BDC8162C27FD8D6C679A5DE
SHA-256:2628FD3D9213914CECADFF9DD2E0F13A6B126EB9AB7C5ACC16B7483867380A45
SHA-512:4DA4470535F38A5EE248AD02F674DCF8AA669E4EBD490226BAF9653C7BFCC1E36C29DF3C0C0AADA8DD8EF571D5F9817334EC658696B1A2ED84328A28515FB506
Malicious:false
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/25/2024 15:32:16.634.OUTLOOK (0x1C90).0x1C94.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-11-25T15:32:16.634Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"130E8136-CCA6-4213-93EC-260110519853","Data.PreviousSessionInitTime":"2024-11-25T15:31:52.532Z","Data.PreviousSessionUninitTime":"2024-11-25T15:31:55.922Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...11/25/2024 15:32:16.713.OUTLOOK (0x1C90).0x1DB0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):204800
Entropy (8bit):4.892880574484353
Encrypted:false
SSDEEP:1536:/l4sc9JDiXTrvRA2F5wM9DE7tEZMOiMSO1fqF5O5YyLfKi:/l4sczDiXvgmLii
MD5:45EC3007D23A8D0207FDABF5858A49E3
SHA1:32147F57661FB5EFA613014A02C971302E8A8179
SHA-256:3A3E56CB53E82E3A0F23761E2D666804D0BACAEB7898461786C50BDDE012CECC
SHA-512:E74C7C4B052E57B4985C737728242392D36120A6C8312C82195D3B69F46BE86E4A5597C87D5CC5636CECCD1E51A08BF9D4BEE864E7330BB2ABEDFE16F85A67F3
Malicious:false
Preview:............................................................................d............W.4O?..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1..............................................................Y]............W.4O?..........v.2._.O.U.T.L.O.O.K.:.1.c.9.0.:.d.f.9.d.3.3.6.0.9.5.0.7.4.a.9.e.a.0.5.2.9.6.8.c.f.0.2.e.c.0.1.1...C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.2.5.T.1.0.3.2.1.6.0.1.3.4.-.7.3.1.2...e.t.l...........P.P.........9..4O?..................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):163840
Entropy (8bit):0.4041863377211681
Encrypted:false
SSDEEP:192:6A+VoSfYsmMZmkdbmZOOtwAdDMn4jUdAG1dec2NgiXHWQjuqAbAF/:+tzsz5Mn4jUdocZiXHjuqM
MD5:85FDEC005D196ADBDAE12A7F304AA1D1
SHA1:803F385F3D437C9D3CD7E73BBAD2A21F02D75EB8
SHA-256:3C2D040D4CD620FCD0F7804399359901BE25B9DC711AD0F0A28EC392F3320006
SHA-512:DE5737D0EE3FCE8FA1A11B5106FC18D3231F2FC2B378D66227B2885738D9DE1FC59AF4DF602909E2190A2262823A2239FF6D4FC5297D44E65714BC2F04EDC87E
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:3:gPzllt:gPz
MD5:10AACA0E9BCACE469AA00F6C94F216B5
SHA1:77F899C0745A818F8360A5C6D6FF9655967CC662
SHA-256:F18A79200B209BD17AB32B6E3937BDD5576872BF6D32F30485AF5C88D8D725E7
SHA-512:B1A9B76F75A929FF1294C8F39D14E290438CC44DA6D153E89F59980EAEE4536C5915C3CF8BC7835EAA56E152F1847CBF7A2E4ABD91CC2E497E70D189AD075D11
Malicious:false
Preview:.....j........................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):16384
Entropy (8bit):0.6696350855722552
Encrypted:false
SSDEEP:12:rl3baFJkqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCV:rsmnq1Py961V
MD5:236FD0276CF58F653E86F580966B3F92
SHA1:A38DD8AFF2E8F3E9516C63EA58878EC35FB7A191
SHA-256:C1F5D682A835B116E84222C908CA5F464483B33B953EFFB254097E8E0228D3F4
SHA-512:9716A116D83B1666DB4C9F320ECA3304AE1E0F5368D0884BC132CC12D2A7344D0790620DCF885F491F0E92C427BA3DEE0E10A07C101070014D078086A5399C52
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):18
Entropy (8bit):2.836591668108979
Encrypted:false
SSDEEP:3:QN4u69n:Q89n
MD5:317D710B374C16A911806567A3FE9EFD
SHA1:AB472DB59E4BA1F693A5E8F26A0DC778956265E5
SHA-256:FA28263E17B88B96F991001A1CA0AAC251F51FFB6307A0465AB1501516256298
SHA-512:6D5B6DBCEC2303D6A5F9DCF35D1D1840F3DD5C9AB638503A889B96D599C072476D573A288B48F796FBC5F9FD96EA730975D1765211B73E19699C4F0F464BDDC7
Malicious:false
Preview:..h.u.b.e.r.t.....
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):1.4698744591826505
Encrypted:false
SSDEEP:768:XQcFagLeDSCzvO2bfqG36kc4iopG9Ez8ZqjpotNVTI:lCDSUDfN3MudjKtg
MD5:88F68CD796F5692831944D8B948DD0E4
SHA1:9B75FEE27F140A9C05C7523B89F2CB38F7EE6BA0
SHA-256:CE1D5876C53A58E151E5E75FF3985C08A94C604EB2681F49B8892CD5AFCDE2FD
SHA-512:5516C1E35ECF8313AEE345368DA3482FF6017211EA5DCD9FD85CC1097C40A27EDD6F52FA27F2CC10BEDF3EEB1A6ABEA28822728C8137EF601E998883446108A1
Malicious:false
Preview:!BDN..!QSM......\....h..................]................@...........@...@...................................@...........................................................................$.......D......@B..........................................................................................................................................................................................................................................................................................................................@.........].".2.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):131072
                                                                                                                                                                                                          Entropy (8bit):0.8111714231208389
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R2UEntDeZorzEiJavm4LvAvXNBBVUUchc7FpzavfT:dEtDe7igvmHTZC3
                                                                                                                                                                                                          MD5:EF2F78598173992310C8CB618BD9E0AF
                                                                                                                                                                                                          SHA1:F2901D5DCCD9B73444A0632C317C3AEED80A7727
                                                                                                                                                                                                          SHA-256:E7A01EEF0DF4D90FD18088112E6E103DA8F812412B659DB8BD8C7BAC6BEDE39A
                                                                                                                                                                                                          SHA-512:D4D4EE0B65195535B3843863E30F3F6967B68D84CEE5AA2EE4DAE376AF114C91A38994181C53D2420561ED1C8DCE9314F699A712CD5B0FCEC49B8ABADA76BED3
                                                                                                                                                                                                          Malicious:false
File type:CDFV2 Microsoft Outlook Message
Entropy (8bit):4.385426661819512
TrID:
• Outlook Message (71009/1) 58.92%
• Outlook Form Template (41509/1) 34.44%
• Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg
File size:95'744 bytes
MD5:7186e4d931b9a960f15cc69ff2eaf628
SHA1:a57c2f372933c34d77cb52cb1c0f476ebb58c973
SHA256:0d8bbfc4ec87782b0d67cabcf9a9b31a189cf7768c6e512714ccdba10bd95a20
SHA512:a32b609fa976189a194e5e132f22357d06cc6500104549a955c247708cdae588aebba61634c4a123b74cd602575579b0bbc1d2d99579a9ef4092ac3d82bd451a
SSDEEP:1536:0w700jiCVi8qL7EBpsjfaWkWPVWAWzDjfEWWWPw:B70MiCVi8uEB+bWbpw
TLSH:FD93032536E94515F2B7DB718AF380679626FC92ED349B4F21D5330E0AB1940AC62B3F
Subject:FW: [EXTERNAL] Payment Status - Open Balance - Alard Engineering
From:HET Accounts Payable <ap@hartzell.aero>
To:"Jones; Bruce" <bjones@hartzell.aero>
Cc:
BCC:
Date:Mon, 25 Nov 2024 16:04:55 +0100
Communications:
• Charis Casey Hampton Accounts Payable 334-386-5413
• From: Andrea Albright <aalbright@aximinc.com> Sent: Wednesday, November 20, 2024 4:42 PM To: HET Accounts Payable <ap@hartzell.aero> Subject: Re: [EXTERNAL] Payment Status - Open Balance - Alard Engineering Warning! This message was sent from outside of the HPI/HET companies. Do not click on links or open attachments unless you have verified with the sender, and know that the content is safe. ________________________________ 161092.PDF <https://url.us.m.mimecastprotect.com/s/nlFaCM8XJrFnjO2skhVH81eHU?domain=bizcreditservices.sharepoint.com> Hi There, I've attached the invoice for you here and forwarded your email onto the Owner and will follow up from there. Thank you! Andrea | A/R Department | Celtic Capital Corporation Direct Dial: 760-400-1069 Fax: 818-737-3701 aalbright@aximinc.com <mailto:aalbright@aximinc.com> ________________________________
• From: HET Accounts Payable <ap@hartzell.aero <mailto:ap@hartzell.aero> > Sent: Wednesday, November 20, 2024 12:16 PM To: Andrea Albright <aalbright@aximinc.com <mailto:aalbright@aximinc.com> > Subject: RE: [EXTERNAL] Payment Status - Open Balance - Alard Engineering Please send me this invoice below. Also we sent parts back but because company is closed, the parts were sent back to us so we should have some credits on our account. Charis Casey Hampton Accounts Payable 334-386-5413
• From: Andrea Albright <aalbright@aximinc.com <mailto:aalbright@aximinc.com> > Sent: Wednesday, November 20, 2024 1:23 PM To: HET Accounts Payable <ap@hartzell.aero <mailto:ap@hartzell.aero> > Subject: Re: [EXTERNAL] Payment Status - Open Balance - Alard Engineering Warning! This message was sent from outside of the HPI/HET companies. Do not click on links or open attachments unless you have verified with the sender, and know that the content is safe. ________________________________ Hi Charis, Just wanted to follow up on the invoice past due below and if any updates? Thanks! # Inv.Date Inv.Number PO Number Inv.Total Inv.Due Date Aged Inv.Code Other [ ] 1 08/23/2024 161092 N/A $1,181.88 09/22/2024 59 1 [ ] Andrea | A/R Department | Celtic Capital Corporation Direct Dial: 760-400-1069 Fax: 818-737-3701 aalbright@aximinc.com <mailto:aalbright@aximinc.com> ________________________________
• From: HET Accounts Payable <ap@hartzell.aero <mailto:ap@hartzell.aero> > Sent: Monday, October 28, 2024 8:54 AM To: Andrea Albright <aalbright@aximinc.com <mailto:aalbright@aximinc.com> > Subject: RE: [EXTERNAL] Payment Status - Open Balance - Alard Engineering We have net30. Below statement has us due upon receipt. Will you please update so I do not receive these emails. Charis Casey Hampton Accounts Payable 334-386-5413
• From: Andrea Albright <aalbright@aximinc.com <mailto:aalbright@aximinc.com> > Sent: Friday, October 25, 2024 6:33 PM To: HET Accounts Payable <ap@hartzell.aero <mailto:ap@hartzell.aero> > Subject: [EXTERNAL] Payment Status - Open Balance - Alard Engineering Warning! This message was sent from outside of the HPI/HET companies. Do not click on links or open attachments unless you have verified with the sender, and know that the content is safe. ________________________________ Dear Customer, We show the following invoice(s) open and past due on your account with Alard Engineering. Based on the notification letter you received in May, these invoices are due and payable to Alard's lender, Celtic Capital. If you need the notification letter again, let me know. Please review and provide me with an update as to when we can expect payment for these. Inv.Date Inv.Number Inv.Total Inv.Due Date Aged Inv.Code Other 10/18/2024 161451 $2330.00 10/18/2024 7 0 10/18/2024 161452 $3495.00 10/18/2024 7 0 If you have any questions or need any documents, I can be reached via the contact info below. ***PLEASE ENSURE PAYMENTS FOR THESE INVOICES ARE MADE ONLY TO THE FOLLOWING (if you would like to pay via ACH, I can provide the bank and routing number for you. It is also on the notification letter you received): Celtic Capital Corporation 23622 Calabasas Road, Suite 323 Calabasas, CA 91302 If a check has been sent, please send me the check amount, check number, the date it was mailed and the invoices it covered. We appreciate your prompt attention to this matter. Andrea | A/R Department | Celtic Capital Corporation Direct Dial: 760-400-1069 Fax: 818-737-3701 aalbright@aximinc.com <mailto:aalbright@aximinc.com>
Attachments:
Key Value
Received: from SN7PR22MB4125.namprd22.prod.outlook.com
1504:55 +0000
Authentication-Results: dkim=none (message not signed)
by PH7PR22MB5159.namprd22.prod.outlook.com (260310b6:510:321::21) with
2024 1504:55 +0000
([fe80:bce7:a9c5:74b:8395%4]) with mapi id 15.20.8182.018; Mon, 25 Nov 2024
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: HET Accounts Payable <ap@hartzell.aero>
To: "Jones, Bruce" <bjones@hartzell.aero>
Subject: FW: [EXTERNAL] Payment Status - Open Balance - Alard Engineering
Thread-Topic: [EXTERNAL] Payment Status - Open Balance - Alard Engineering
Thread-Index: AQHbJzY/71hXPypU/kOjFvGdbRIM5bKcSBMQgCRsRcuAAA+c0IAAJ0ohgAddcuA=
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Mon, 25 Nov 2024 15:04:55 +0000
Message-ID: <SN7PR22MB412552E0DA84CFE9A3B33581DF2E2@SN7PR22MB4125.namprd22.prod.outlook.com>
References: <5387790e4d8345fa802fd17740e700dd@aximinc.com>
In-Reply-To: <DS0PR05MB979982DCA7D195E4FA8975C1A2212@DS0PR05MB9799.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: 1
X-MS-TNEF-Correlator: <SN7PR22MB412552E0DA84CFE9A3B33581DF2E2@SN7PR22MB4125.namprd22.prod.outlook.com>
MIME-Version: 1.0
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-Organization-AuthSource: SN7PR22MB4125.namprd22.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-Network-Message-Id: 8da806eb-23fa-4492-fa5c-08dd0d6285a2
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN7PR22MB4125:EE_|PH7PR22MB5159:EE_|PH0PR22MB2567:EE_
Return-Path: ap@hartzell.aero
X-MS-Exchange-Organization-ExpirationStartTime: 25 Nov 2024 15:04:55.9848
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Office365-Filtering-Correlation-Id: 8da806eb-23fa-4492-fa5c-08dd0d6285a2
X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|69100299015|8096899003|3613699012|41050700001;
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR22MB4125.namprd22.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(69100299015)(8096899003)(3613699012)(41050700001);DIR:INT;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Nov 2024 15:04:55.6034
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 511ff2d9-2fd5-4270-8b9d-355af4742833
X-MS-Exchange-CrossTenant-AuthSource: SN7PR22MB4125.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-Network-Message-Id: 8da806eb-23fa-4492-fa5c-08dd0d6285a2
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: pb/Romfbz4C6uLGxTu6++/W2aj7PVLif58Hh8x3H0+uDfLODZPQ4snXyvCI3B9FahYKCvo88Y3sLOT3ZUj0cvA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR22MB5159
X-MS-Exchange-Transport-EndToEndLatency: 00:00:04.4065958
X-MS-Exchange-Processed-By-BccFoldering: 15.20.8182.018
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003);
date: Mon, 25 Nov 2024 16:04:55 +0100

Icon Hash:c4e1928eacb280a2
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 25, 2024 16:32:24.110490084 CET | 1.1.1.1 | 192.168.2.8 | 0xd671 | No error (0) | windowsupdatebg.s.llnwi.net | | 178.79.238.0 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 16:33:28.507690907 CET | 1.1.1.1 | 192.168.2.8 | 0x3037 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 16:33:28.507690907 CET | 1.1.1.1 | 192.168.2.8 | 0x3037 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false

Target ID:0
Start time:10:32:11
Start date:25/11/2024
Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW EXTERNAL Payment Status - Open Balance - Alard Engineering.msg"
Imagebase:0x90000
File size:34'446'744 bytes
MD5 hash:91A5292942864110ED734005B7E005C0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                            Start time:10:32:17
                                                                                                                                                                                                            Start date:25/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "93A4EEFE-DF19-4C69-8AAB-B1B54C1241CA" "EFE18815-4812-48F6-903B-355D2E310B23" "7312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                                                                                                                                                            Imagebase:0x7ff6ba220000
                                                                                                                                                                                                            File size:710'048 bytes
                                                                                                                                                                                                            MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            No disassembly