Windows Analysis Report
FW Wendy PO Box 601.msg

Overview

General Information

Sample name: FW Wendy PO Box 601.msg
Analysis ID: 1562626
MD5: 23be19dde24dece57e01384322fd63b4
SHA1: a8de4eccfe87cf88c7b2e6bfcfb3e930c7ac9e8e
SHA256: 3c04a175094ff7a0dd2928f7986fab613498a01dd48b14446a78931e4be8edab
Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7912 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW Wendy PO Box 601.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7520 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6FC303B6-BB6E-4043-BA69-57513175B2F4" "B4863E8F-C3BA-4190-8C90-577E98F89BBB" "7912" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7912, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Detected potential phishing email: Extremely vague and suspicious subject/content with just a PO Box number. External Gmail address sending to a business email, with minimal context. Attachment named after the recipient is a common phishing tactic.
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://substrate.office.com
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://syncservice.o365syncservice.com/"
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://webshell.suite.office.com
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://wus2.contentsync.
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: BECD09EA-6910-4C22-846D-4BB282A8495E.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine | Classification label: sus21.winMSG@3/14@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241125T1348430556-7912.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW Wendy PO Box 601.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6FC303B6-BB6E-4043-BA69-57513175B2F4" "B4863E8F-C3BA-4190-8C90-577E98F89BBB" "7912" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (tactic: techniques shown in the report; a leading number is the count of matched signatures the report attaches to that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Browser Extensions; 1 DLL Side-Loading; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows)
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Process Discovery; 12 System Information Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Data Obfuscation; Junk Data; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No Antivirus matches
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
https://api.diagnosticssdf.office.comBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
    high
    https://login.microsoftonline.com/BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
      high
      https://shell.suite.office.com:1443BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
        high
        https://designerapp.azurewebsites.netBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
          high
          https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorizeBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
            high
            https://autodiscover-s.outlook.com/BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
              high
              https://useraudit.o365auditrealtimeingestion.manage.office.comBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                high
                https://outlook.office365.com/connectorsBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                  high
                  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                    high
                    https://cdn.entity.BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                      high
                      https://api.addins.omex.office.net/appinfo/queryBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                        high
                        https://clients.config.office.net/user/v1.0/tenantassociationkeyBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                          high
                          https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                            high
                            https://powerlift.acompli.netBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                              high
                              https://rpsticket.partnerservices.getmicrosoftkey.comBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                high
                                https://lookup.onenote.com/lookup/geolocation/v1BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                  high
                                  https://cortana.aiBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                    high
                                    https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                      high
                                      https://api.powerbi.com/v1.0/myorg/importsBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                        high
                                        https://notification.m365.svc.cloud.microsoft/BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                          high
                                          https://cloudfiles.onenote.com/upload.aspxBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                            high
                                            https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                              high
                                              https://entitlement.diagnosticssdf.office.comBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                high
                                                https://api.aadrm.com/BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                  high
                                                  https://ofcrecsvcapi-int.azurewebsites.net/BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                    high
                                                    https://canary.designerapp.BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                      high
                                                      https://ic3.teams.office.comBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                        high
                                                        https://www.yammer.comBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                          high
                                                          https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                            high
                                                            https://api.microsoftstream.com/api/BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                              high
                                                              https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                high
                                                                https://cr.office.comBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                  high
                                                                  https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;hBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                    high
                                                                    https://messagebroker.mobile.m365.svc.cloud.microsoftBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                      high
                                                                      https://otelrules.svc.static.microsoftBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                        high
                                                                        https://portal.office.com/account/?ref=ClientMeControlBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                          high
                                                                          https://clients.config.office.net/c2r/v1.0/DeltaAdvisoryBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                            high
                                                                            https://edge.skype.com/registrar/prodBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                              high
                                                                              https://graph.ppe.windows.netBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                                high
                                                                                https://res.getmicrosoftkey.com/api/redemptioneventsBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                                  high
                                                                                  https://powerlift-frontdesk.acompli.netBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                                    high
                                                                                    https://officeci.azurewebsites.net/api/BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                                      high
                                                                                      https://sr.outlook.office.net/ws/speech/recognize/assistant/workBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                                        high
                                                                                        https://api.scheduler.BECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                                          high
                                                                                          https://my.microsoftpersonalcontent.comBECD09EA-6910-4C22-846D-4BB282A8495E.0.drfalse
                                                                                            high
Name | Source | Malicious | Reputation
https://store.office.cn/addinstemplate | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://api.aadrm.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://edge.skype.com/rps | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://outlook.office.com/autosuggest/api/v1/init?cvid= | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://globaldisco.crm.dynamics.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://messaging.engagement.office.com/ | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://dev0-api.acompli.net/autodetect | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://www.odwebp.svc.ms | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://api.diagnosticssdf.office.com/v2/feedback | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://api.powerbi.com/v1.0/myorg/groups | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://web.microsoftstream.com/video/ | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://api.addins.store.officeppe.com/addinstemplate | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://graph.windows.net | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://dataservice.o365filtering.com/ | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://officesetup.getmicrosoftkey.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://analysis.windows.net/powerbi/api | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://prod-global-autodetect.acompli.net/autodetect | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://substrate.office.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://outlook.office365.com/autodiscover/autodiscover.json | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://consent.config.office.com/consentcheckin/v1.0/consents | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://notification.m365.svc.cloud.microsoft/PushNotifications.Register | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://d.docs.live.net | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://safelinks.protection.outlook.com/api/GetPolicy | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://ncus.contentsync. | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://syncservice.o365syncservice.com/" | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
http://weather.service.msn.com/data.aspx | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://apis.live.net/v5.0/ | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://officepyservice.office.net/service.functionality | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://templatesmetadata.office.net/ | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://messaging.lifecycle.office.com/ | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://planner.cloud.microsoft | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://mss.office.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://pushchannel.1drv.ms | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://management.azure.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://outlook.office365.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://wus2.contentsync. | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://incidents.diagnostics.office.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://clients.config.office.net/user/v1.0/ios | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://make.powerautomate.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://api.addins.omex.office.net/api/addins/search | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://insertmedia.bing.office.net/odc/insertmedia | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://outlook.office365.com/api/v1.0/me/Activities | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://api.office.net | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://incidents.diagnosticssdf.office.com | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
https://asgsmsproxyapi.azurewebsites.net/ | BECD09EA-6910-4C22-846D-4BB282A8495E.0.dr | false | high
No contacted IP infos

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1562626
Start date and time: 2024-11-25 19:47:40 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: FW Wendy PO Box 601.msg
Detection: SUS
Classification: sus21.winMSG@3/14@0/0
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .msg
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 2.18.109.164, 52.109.28.47, 52.111.252.16, 52.111.252.18, 52.111.252.15, 52.111.252.17, 20.42.73.26
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, e16604.g.akamaiedge.net, onedscolprdeus09.eastus.cloudapp.azure.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, fs.microsoft.com, prod-all.naturallanguageeditorservice.osi.office.net.akadns.net, otelrules.azureedge.net, prod-inc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, prod.configsvc1.live.com.akadns.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, uks-azsc-000.roaming.officeapps.live.com, nleditor.osi.office.net, s-0005.s-msedge.net, config.office
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: FW Wendy PO Box 601.msg
No simulations
No context
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 231348
Entropy (8bit): 4.382373581748627
Encrypted: false
SSDEEP: 1536:MIYLTggs5cvnuFzbegsdxNcAz79ysQqt2427KqoQuxrcm0FvzccycT/61gDrbdfT:e8gtAOg4miGu2kqoQkrt0FvocRjEt9HW
MD5: A5CF137B39D8D9E60C4CB173C094C978
SHA1: AE789DFF0C2415261214E79992858D7308C293BB
SHA-256: 35752EAA57CFFBF958BA24D0B2602FED0860B1DA0ECD0659F06BCD2D36832DC6
SHA-512: 9C4593E3B5AD56F7182343687AF5DB1B00421D2095292C66E6A610194976B7D3237C6DFF2D5A89AAF38925DA4513850ADB1B9736697F21B4EB8C8A9DAB28F13C
Malicious: false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:TH02...... ...S.j?......SM01X...,.....E.j?..........IPM.Activity...........h...............h............H..h.U.....V..c...h........P..H..h\jon ...ppDa...h..|.0...8.U....h...............h........_`.j...h...@...I..v...h....H...8..j...0....T...............d.........2h...............k..............!h.............. h.YY.....P.U...#h....8.........$hP......8....."h............'h..f...........1h....<.........0h....4.....j../h....h......jH..h...p....U...-h .......|.U...+h.........U................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1869
                                                                                                                                                                                                          Entropy (8bit):5.093142491884982
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cG3JFnzyr3InzysWkSyrpednzyrXHnzyMySyKUdSyqIASyaNdyDhdycFJdyYFdyO:hF27I2sVbded2rH2MybKUdbqIAbAEDhZ
                                                                                                                                                                                                          MD5:956024B9D5D2F5E1642D881685FAE8B4
                                                                                                                                                                                                          SHA1:36F7B6C8D233856B2E735EC4CBEBFF4F1119D43E
                                                                                                                                                                                                          SHA-256:7F118B4144F6F42F11DCFFD00CB0DCF3D6BB2342301D3893A1D72B99400E190F
                                                                                                                                                                                                          SHA-512:CB5B0D533D8539EB19E2B9EBEE2A1013ECBB2CD56B6A69D222F9C1B48667C164AD447F980D1879F96C3DD44F033D49EA7CE67BFB5D0E10619B6245908E3A5F06
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos Display_45876482</Id><LAT>2023-10-04T10:58:38Z</LAT><key>29442803203.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-04T10:58:38Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-04T10:58:38Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-04T10:58:38Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-04T10:58:38Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-04T10:58:38Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):521377
                                                                                                                                                                                                          Entropy (8bit):4.9084889265453135
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                                                                                                                                                                                                          MD5:C37972CBD8748E2CA6DA205839B16444
                                                                                                                                                                                                          SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                                                                                                                                                                                                          SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                                                                                                                                                                                                          SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                          Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):773040
                                                                                                                                                                                                          Entropy (8bit):6.55939673749297
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                                                                                                                                                                                                          MD5:4296A064B917926682E7EED650D4A745
                                                                                                                                                                                                          SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                                                                                                                                                                                                          SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                                                                                                                                                                                                          SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                          Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):181859
                                                                                                                                                                                                          Entropy (8bit):5.295329959076165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:0i2XfRAqSbH4wglE6Le7HW8Qjj/o/NMOcAZl1p5ihs7EXXNEADpOBIa5YdGVF8St:Ude7HW8Qjj/o/aXSbTx
                                                                                                                                                                                                          MD5:98CBBA1A0E2F3C418473D10D005D5DE0
                                                                                                                                                                                                          SHA1:C5E018040F72E0141679C52C830A64279C419DE3
                                                                                                                                                                                                          SHA-256:5931F9BCA848E6C663C3C7E6A63B618C09C8B77A31C86ACEA4D3BAB765C3C769
                                                                                                                                                                                                          SHA-512:A92F9FB67AFB7E7BE1F088E3C4F48A4C9895471F8375D9B68D45A7D9ACACA321C754AA2881CD89AEB182A35CEA94A3C3535C3E2291D2B6485C9ADFEBC8920AE2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-25T18:48:47">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):0.04575125179552959
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:GtlxtjlnkSS284lxtjlnkSS2kt/1R9//8l1lvlll1lllwlvlllglbelDbllAlldc:GtHkN4HkV99X01PH4l942wU
                                                                                                                                                                                                          MD5:788CC119C5AF0E11A0A1E40912055EEA
                                                                                                                                                                                                          SHA1:ED80626A4DE5F660337F515A4DDDC84FBB9CA3A4
                                                                                                                                                                                                          SHA-256:9DC51B155CC6CCBE67608D03771EE18492FB64BFC533601EF2E8378F4DE8DC7C
                                                                                                                                                                                                          SHA-512:D71A3B7CE27190D25B1512DAB4B5298B19CE44B2758A95F3DA320910B5B48FE895DACB44AAE1C5F873B2F55EB72A6EA5253C714F4F3A082AAA2B23530A3FA7CF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:..-........................?.w..bx...|@.[........-........................?.w..bx...|@.[..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):49472
                                                                                                                                                                                                          Entropy (8bit):0.48381610286625926
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jplzcQ1C8nUll7DYMCSqRn9zzO8VFDYMCKjSBO8VFDYML:llMll4IqvjVGTjVGC
                                                                                                                                                                                                          MD5:F9BD3B49E9D3AE569D612562EC34F0B3
                                                                                                                                                                                                          SHA1:AEAEA0B889B084937BB762910545122B67D0A0AE
                                                                                                                                                                                                          SHA-256:FD4A7BE033D434E1ACB7D5167F03AD549190C9E2F49FD422D118F0D6022AE8BB
                                                                                                                                                                                                          SHA-512:F2C07666EC29A0E78825C528BC37C8D2CC2D731970ABF4131AD8090401FF025FCCCB09015BB08AF94E3BBF567BA3AD9FC6C7DF5DDF9DA6F24DD027896CC21958
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:7....-..........bx...|@..o{u............bx...|@..F|g.A.SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (28778), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.1821593304650898
Encrypted:false
SSDEEP:1536:6yVQyTfTTaDebCPTZkq3qpXlynbKSPiVPdczur3phwzjjX5KDjyvDBcdsHnvi7Zv:/TrGebgb92c
MD5:169D5E9C9A93B7057AE3F2A457CFD804
SHA1:72C15E62EF035E38AACD45CE21B401F74B39B1A6
SHA-256:987B5B461C4C6F006C95BF6AD88F39C554E20BA752FB4C57688B9FDD8F885FE4
SHA-512:DC92E4E5132851DCCA03C7D539601216E43EB2CCFD82D988B8B8180BFFC75268920150EAE4C13E8D02441D4088304A46852434FFE245882E4A756443FF0B3E88
Malicious:false
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/25/2024 18:48:44.119.OUTLOOK (0x1EE8).0x1EEC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-11-25T18:48:44.119Z","Contract":"Office.System.Activity","Activity.CV":"KdD4nV0KdEmQujmcGiNBUA.4.9","Activity.Duration":64,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...11/25/2024 18:48:44.134.OUTLOOK (0x1EE8).0x1EEC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-11-25T18:48:44.134Z","Contract":"Office.System.Activity","Activity.CV":"KdD4nV0KdEmQujmcGiNBUA.4.10","Activity.Duration":12108,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):94208
Entropy (8bit):4.484777954062488
Encrypted:false
SSDEEP:1536:8X3t4i29mHj0GXBeDAJpX2zWCUIkkBwRCDZqDwPoHB:S94i2cHj0GX0DAJpX2zWCUIkkBwRCDZ6
MD5:65FA24DEE6BB6D489E31A13AE62E823E
SHA1:8FE93D19C4F0BF59534A6C30670AB8279F06ACC2
SHA-256:F7F225D2A6CBA08617859A7BAD495902A706430CB627502F3D563924985EE5C0
SHA-512:857E3F83A3AB54BF4C5B76D536EFBCC58BE31D673296F41152A72F602418829F863AF448A021F8797A2C0365F9EBAE04FBC290A3F4CCDA1DA82965F4D19E8F25
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):163840
Entropy (8bit):0.4267475444757328
Encrypted:false
SSDEEP:192:B+A/U+B/Nn1ruI4JEykQODSwuPYPitWwrSKENgz0XHWQOGIAbAFAqwNh/:Bs+UI4JdeSVAir1zz0XHOGIMu
MD5:48F420288F2C7889C24A0A65EDC5CDBA
SHA1:102D770687D39F1BE7FE3CEC7DE596A665E667F9
SHA-256:EB6C9C7B8DAAADFA0AC7C9A6540A9F7EC71E996696329B0A28D85F28108960CD
SHA-512:86E218C01096254FA36FF6FFCC4E7A56CD8BF01806D73CDA47C0ACEB43E18407C2DB309C3A2576671C53D2A5DCBA6AD6FBFFB48AD3CB4210EA0C4EC7C4F83E3D
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:3:I0l7llX:I67ll
MD5:995CD27D0843FB0F5D04D429F29054ED
SHA1:9D1BA153BDCA15E9123542E8E81BFA45174BBFC1
SHA-256:DD3EC39FD7DBBB5F42F413E1243A6C04ADF1A9055BFED4AD8C094C395042441E
SHA-512:A3AAD609C331F836D909B0049BC2E68CDAC31827F4986D218E444F3679EF606AA32ECCB3D2E6247380008530ABFEFB9886F3EDE734D2E13F0A6F44B3D78D694C
Malicious:false
Preview:..............................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):1.2882755251457088
Encrypted:false
SSDEEP:768:i+Qc7K3sCVPUHiIGI0rlHYvGH8oivBf38BUTIZ:PrJkg75f3eNZ
MD5:0856EE720CF62AF0FF49A29FCF734A15
SHA1:1AC321657F44474CA93EE264BB33B7539287F521
SHA-256:4D664057CE9F0402B53B0C6053003D8F27438DB61D28E0C556FDE6E81BB32AC0
SHA-512:32E017929C13131ABF42C9C8790E232FF43384871DDFEF9A0AC13615F2BD22BDC2601EF94731ACB7904BB357AABEDDE40F023ED9C936C7326E0E3D63B6BCA9B0
Malicious:true
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.7452798560225619
Encrypted:false
SSDEEP:96:yDmZsyHfHKUG87qjtPBKUk5SLAygZz5YWPr55/0Ar3kXAygZz5YWPr55/0oW5Q3o:yKD/HZ6lLQKN57APr7IIi1R4343FvZz
MD5:3B1F557A77F420547AE1D0F8ECA55352
SHA1:D6558B03D9AFDDB64A6300CCD521AD454A80423E
SHA-256:88A3354A4599E94C868DB01085CADB69A7B2F849D782AC824C9322E12DACE072
SHA-512:AE87DCEF133E19AAC1008FDB3ED7BFFB7CE1231133914EC7B2F46F0EA47CC3D9A2CC30D7C16287F5220F2FF0ACFF8A493E22DB663212DDD2B8E60D12A1EBEE85
Malicious:true
File type:CDFV2 Microsoft Outlook Message
Entropy (8bit):4.024696555951147
TrID:
• Outlook Message (71009/1) 58.92%
• Outlook Form Template (41509/1) 34.44%
• Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:FW Wendy PO Box 601.msg
File size:87'040 bytes
MD5:23be19dde24dece57e01384322fd63b4
SHA1:a8de4eccfe87cf88c7b2e6bfcfb3e930c7ac9e8e
SHA256:3c04a175094ff7a0dd2928f7986fab613498a01dd48b14446a78931e4be8edab
SHA512:6bdc5fc57e37803222f3ea45aa7bb597f4036ae03f4fe41e2ee2dcf64a4d8eb3066a950fbd6ccc35e8cbd81f4be067222180b0f7bcbda45f4b4f07c02ac390a8
SSDEEP:1536:1YeCX0d/EY0bAB9BivaNzD9Jm7Qvodl76ocBwtAWHdi:+gD0bdvuzhgcU5i
TLSH:C98312153AFA1119F173EF319DE6A4A7893B7D626D15891F2081330E0A72E81DD62F3B
Subject:FW: Wendy PO Box 601
From:Wendy Brooks <wbrooks@pridewines.com>
To:Endsight Support <support@endsight.net>
Cc:
BCC:
Date:Mon, 25 Nov 2024 17:04:03 +0100
Communications:
                                                                                                                                                                                                          • Endsight friends, what do you make of this? Im working at home this morning and can be reached on my cell: 707-975-9531. Thanks, Wendy From: Sandro Mazzoni <sandromazzoni82@gmail.com> Date: Monday, November 25, 2024 at 5:13AM To: Wendy Brooks <wbrooks@pridewines.com> Subject: Wendy PO Box 601 PO Box 601
                                                                                                                                                                                                          Attachments:
                                                                                                                                                                                                          • Wendy Brooks.txt
Key Value
Received: from SA3PR20MB5888.namprd20.prod.outlook.com
BYAPR18MB2551.namprd18.prod.outlook.com with HTTPS; Mon, 25 Nov 2024 18:25:45
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
by DM8PR18MB4501.namprd18.prod.outlook.com (2603:10b6:8:38::12) with
2024 16:04:08 +0000
(2603:10b6:208:2c3::7) with Microsoft SMTP Server (version=TLS1_3,
25 Nov 2024 16:04:08 +0000
Authentication-Results: spf=pass (sender IP is 40.107.94.135)
Received-SPF: Pass (protection.outlook.com: domain of pridewines.com
15.20.8207.12 via Frontend Transport; Mon, 25 Nov 2024 16:04:08 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pridewines.com;
by DM4PR20MB4848.namprd20.prod.outlook.com (2603:10b6:8:a5::5) with Microsoft
15.20.8207.10; Mon, 25 Nov 2024 16:04:03 +0000
([fe80::58bf:f6ac:c17d:b086%7]) with mapi id 15.20.8207.010; Mon, 25 Nov 2024
16:04:03 +0000
From: Wendy Brooks <wbrooks@pridewines.com>
To: Endsight Support <support@endsight.net>
Subject: FW: Wendy PO Box 601
Thread-Topic: Wendy PO Box 601
Thread-Index: AQHbPzvR5aUyOpaF1EmKH8xFphFEPbLIKNAp
Date: Mon, 25 Nov 2024 16:04:03 +0000
Message-ID: <SA3PR20MB58886822B5C27DEBE115B1EDC62E2@SA3PR20MB5888.namprd20.prod.outlook.com>
References: <CAN4mOSduJ4KmKLSQEC4w34zgET3GLk26dF0OELigv4P0vbnfsg@mail.gmail.com>
In-Reply-To: <CAN4mOSduJ4KmKLSQEC4w34zgET3GLk26dF0OELigv4P0vbnfsg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: x-ms-reactions: allow
Authentication-Results-Original: dkim=none (message not signed)
x-ms-traffictypediagnostic: SA3PR20MB5888:EE_|DM4PR20MB4848:EE_|BN1PEPF00006000:EE_|DM8PR18MB4501:EE_|BYAPR18MB2551:EE_
X-MS-Office365-Filtering-Correlation-Id: a22fefc4-0fbe-429f-a485-08dd0d6acb4f
x-ld-processed: ad1742c2-f011-47f6-bca2-cb6ec697cfe7,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|376014|1800799024|366016|8096899003|38070700018;
X-Microsoft-Antispam-Message-Info-Original: =?us-ascii?Q?hsASwmRMWTusFhlBHfXLOPARQdauJD9S/YrfqC2Xwc47Cbxy/fEZVesVRSBl?=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA3PR20MB5888.namprd20.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: =?utf-8?B?TXJrZGY4bHRYVGsyWHlEZjY3cVZlUmo1aTdJeTQ2SHBEdzBqT0NWSDR0cXRr?=
Content-Type: multipart/mixed;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR18MB4501
Return-Path: wbrooks@pridewines.com
X-MS-Exchange-Organization-ExpirationStartTime: 25 Nov 2024 16:04:08.5167
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: a22fefc4-0fbe-429f-a485-08dd0d6acb4f
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: d3f299a1-80d0-43ff-8d1c-08798a7ae704:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped: BN1PEPF00006000.namprd05.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: BN1PEPF00006000.namprd05.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource: BN1PEPF00006000.namprd05.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs: c0c54057-4e0f-48e8-ce35-08dd0d6ac80d
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-SCL: -1
X-Microsoft-Antispam: BCL:0;ARA:13230040|35042699022|8096899003;
X-Forefront-Antispam-Report: CIP:40.107.94.135;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:NAM10-MW2-obe.outbound.protection.outlook.com;PTR:mail-mw2nam10on2135.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(35042699022)(8096899003);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Nov 2024 16:04:08.2979
X-MS-Exchange-CrossTenant-Network-Message-Id: a22fefc4-0fbe-429f-a485-08dd0d6acb4f
X-MS-Exchange-CrossTenant-Id: d3f299a1-80d0-43ff-8d1c-08798a7ae704
X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00006000.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-EndToEndLatency: 02:21:37.6446319
X-MS-Exchange-Processed-By-BccFoldering: 15.20.8182.018
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
X-Microsoft-Antispam-Message-Info: =?utf-8?B?VlBYb3FYb1IxdWs1cW5wOWNtaGQwQkFKRjVuVlRHSEgwTG9MSDlTUHREbnZq?=
MIME-Version: 1.0
date: Mon, 25 Nov 2024 17:04:03 +0100

Icon Hash: c4e1928eacb280a2
No network behavior found


Target ID: 0
Start time: 13:48:40
Start date: 25/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW Wendy PO Box 601.msg"
Imagebase: 0xe0000
File size: 34'446'744 bytes
MD5 hash: 91A5292942864110ED734005B7E005C0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

Target ID: 2
Start time: 13:48:49
Start date: 25/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6FC303B6-BB6E-4043-BA69-57513175B2F4" "B4863E8F-C3BA-4190-8C90-577E98F89BBB" "7912" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase: 0x7ff698520000
File size: 710'048 bytes
MD5 hash: EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

No disassembly