Windows Analysis Report
Re_ ITT-Glass_Vendors Registration (13).msg

Overview

General Information

Sample name: Re_ ITT-Glass_Vendors Registration (13).msg
Analysis ID: 1431484
MD5: 76fbe38d38030893d0ae0f1d9581a0e2
SHA1: a6cca0322b847a5c9482d35e3fc13788aebdbba1
SHA256: a3d40a30f9880ab069148355d313997a7a5efdbeac71bb767776ba64001c4543
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Phishing site detected (based on OCR NLP Model)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 2228 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Re_ ITT-Glass_Vendors Registration (13).msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6092 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4C91DE6C-012E-40FA-B6E4-4A916357AA90" "AB6D7A72-3249-4203-8659-587BA1FE438F" "2228" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2228, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Snort rule has matched

There are no malicious signatures.

Source: MSG / EML, ML Model on OCR Text: Matched 80.3% probability on "971 4771 3600 DUBAI PROPERTIES Good Morning Sir ! !! Please find the attach bank transfer details for the refundable security deposit. Regards, MUSTAFA RAJPURWALA MANAGER-PROJECTS & BUSINESS DEVELOPMENT ebjJl Jl..c .p.ro..uiJ ul-.clil Office No.12, A1 Awazel Building +971 4 333 3606 GIOSS wort-D Ras al Khor Industrial Area-2 +971 55 226 6027 InDUSTRlES L.L.C. Dubai, U.A.E. 23 yearJ q Taye//enee info@glassworld.ae www.glassworld.ae Good Morning ! !! We have received the your bank account details and will be transferring security deposits amount today. Once its done will update you accordingly. Regards, "
Source: E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drString found in binary or memory: https://webshell.suite.office.com
Source: E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drString found in binary or memory: https://wus2.contentsync.
Source: E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drString found in binary or memory: https://wus2.pagecontentsync.
Source: E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drString found in binary or memory: https://www.odwebp.svc.ms
Source: E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drString found in binary or memory: https://www.yammer.com
Source: classification engine Classification label: clean1.winMSG@3/26@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240425T0958330464-2228.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Re_ ITT-Glass_Vendors Registration (13).msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4C91DE6C-012E-40FA-B6E4-4A916357AA90" "AB6D7A72-3249-4203-8659-587BA1FE438F" "2228" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
[Behavior graph (ID: 1431484; Sample: Re_ ITT-Glass_Vendors Regis...; Startdate: 25/04/2024; Architecture: WINDOWS; Score: 1): OUTLOOK.EXE started ai.exe.]

No Antivirus matches
No contacted domains info
                                                                                unknown
                                                                                https://analysis.windows.net/powerbi/apiE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                  high
                                                                                  https://prod-global-autodetect.acompli.net/autodetectE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://substrate.office.comE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                    high
                                                                                    https://outlook.office365.com/autodiscover/autodiscover.jsonE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                      high
                                                                                      https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                        high
                                                                                        https://consent.config.office.com/consentcheckin/v1.0/consentsE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                          high
                                                                                          https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                            high
                                                                                            https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                              high
                                                                                              https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                high
                                                                                                https://d.docs.live.netE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                • 0%, Virustotal, Browse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://safelinks.protection.outlook.com/api/GetPolicyE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                  high
                                                                                                  https://ncus.contentsync.E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                    high
                                                                                                    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                      high
                                                                                                      http://weather.service.msn.com/data.aspxE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                        high
                                                                                                        https://apis.live.net/v5.0/E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://officepyservice.office.net/service.functionalityE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                          high
                                                                                                          https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                            high
                                                                                                            https://templatesmetadata.office.net/E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                              high
                                                                                                              https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                high
                                                                                                                https://messaging.lifecycle.office.com/E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                  high
                                                                                                                  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                    high
                                                                                                                    https://pushchannel.1drv.msE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                      high
                                                                                                                      https://management.azure.comE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                        high
                                                                                                                        https://outlook.office365.comE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                          high
                                                                                                                          https://wus2.contentsync.E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://incidents.diagnostics.office.comE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                            high
                                                                                                                            https://clients.config.office.net/user/v1.0/iosE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                              high
                                                                                                                              https://make.powerautomate.comE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              https://api.addins.omex.office.net/api/addins/searchE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                high
                                                                                                                                https://insertmedia.bing.office.net/odc/insertmediaE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                  high
                                                                                                                                  https://outlook.office365.com/api/v1.0/me/ActivitiesE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                    high
                                                                                                                                    https://api.office.netE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                      high
                                                                                                                                      https://incidents.diagnosticssdf.office.comE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                        high
                                                                                                                                        https://asgsmsproxyapi.azurewebsites.net/E4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        https://clients.config.office.net/user/v1.0/android/policiesE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                          high
                                                                                                                                          https://entitlement.diagnostics.office.comE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                            high
                                                                                                                                            https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                              high
                                                                                                                                              https://substrate.office.com/search/api/v2/initE4333BAB-F940-4150-9AAE-5C215C9C1D6B.1.drfalse
                                                                                                                                                high
                                                                                                                                                No contacted IP infos
                                                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                Analysis ID:1431484
                                                                                                                                                Start date and time:2024-04-25 09:57:40 +02:00
                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 4m 33s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:full
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                Number of analysed new started processes analysed:7
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
                                                                                                                                                • EGA enabled
                                                                                                                                                • AMSI enabled
                                                                                                                                                Analysis Mode:default
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Sample name:Re_ ITT-Glass_Vendors Registration (13).msg
                                                                                                                                                Detection:CLEAN
                                                                                                                                                Classification:clean1.winMSG@3/26@0/0
                                                                                                                                                EGA Information:Failed
                                                                                                                                                HCA Information:
                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                • Number of executed functions: 0
                                                                                                                                                • Number of non-executed functions: 0
                                                                                                                                                Cookbook Comments:
                                                                                                                                                • Found application associated with file extension: .msg
                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                • Excluded IPs from analysis (whitelisted): 52.109.8.89, 52.113.194.132, 23.55.253.34, 23.34.82.10, 23.34.82.8, 20.189.173.9
                                                                                                                                                • Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, onedscolprdwus08.westus.cloudapp.azure.com, fs.microsoft.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, cus-config.officeapps.live.com, s-0005-office.config.skype.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, e16604.g.akamaiedge.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, omex.cdn.office.net.akamaized.net, mobile.events.data.trafficmanager.net, a1864.dscd.akamai.net
                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                No simulations
                                                                                                                                                No context
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):231348
                                                                                                                                                Entropy (8bit):4.382367615975065
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:mTYLQegsexsPpOSV8H6gs58NcAz79ysQqt2h9KPqoQi1rcm0Fv+j5yCYV+ef0f58:3tg4segVmiGu2yqoQ4rt0Fv9zvurVwqs
                                                                                                                                                MD5:877DEEF5EEFC14F2EDA81AFFB5F6B5B0
                                                                                                                                                SHA1:12C5C5B14DA00AA11E0CC85DDC53ED22B3AC3601
                                                                                                                                                SHA-256:A1771B43AF30C070E722C8A6E7CD0D80E8A18B8937AC002A36CC8E32BA1F4C64
                                                                                                                                                SHA-512:53FB33C1BF0D7CD9CC723791F7EDFD3107B12A11454ED591562E65D26347C56F1614959136723DC14F4FD782FD1DA3208D0C852B03DCC054DCEF1DF94003F44D
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (2010), with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2010
                                                                                                                                                Entropy (8bit):5.096177569326835
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:cGE8dypdSyrvnzy7SymJdy+dydASyNdyrwnzyrMdnzyDkSyrXnzyC6yO:JEpdbT27bwE+EdAbNEs2Yd2IbT2CDO
                                                                                                                                                MD5:A4A9DF56B452211A555E571D28C5B539
                                                                                                                                                SHA1:97FC6DB4896918312CF938DD9698913E7EE1F71E
                                                                                                                                                SHA-256:EEEF7238A1F4533297B344AD9349293CF665EB175D920F65DF7F6FE252CBE6DC
                                                                                                                                                SHA-512:A5B0E90FF041158322389216D7D5419B8FC3F1F1C67BBACE5781A1C5A05F07CB6F12A694683CA7048F5680C00A79AC788AE357C638A565CE65815EECD471FE27
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>13</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-04-25T07:58:35Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-04T14:08:57Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-04T14:08:57Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-04T14:08:57Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_26215682</Id><LAT>2023-10-04T14:08:57Z</LAT><key>31169036496.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-04T14:08:57Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876226<
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:TrueType Font data, digitally signed, 14 tables, 1st "DSIG", 17 names, Microsoft, language 0x409, Copyright 2020 The Poppins Project Authors (https://github.com/itfoundry/Poppins)PoppinsRegularI
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):160316
                                                                                                                                                Entropy (8bit):6.727437125147479
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:5C6WSA6emeVKsUCJK1Q/lFDkFPhGT23ClT2qwTfVUJFBQp8wfcQDJ1L9+3kL2j1j:5C6BefJKDyLZlj+EznIT/tiQo8xRo
                                                                                                                                                MD5:09ACAC7457BDCF80AF5CC3D1116208C5
                                                                                                                                                SHA1:86A425BE5A919D86729B85B2BC1D07DA5CE413D4
                                                                                                                                                SHA-256:7E65201E9B79159E2300267CC885E16C8DCEF2424CDFA09A29BFB0980A94A7BA
                                                                                                                                                SHA-512:416E1C977004089C240674FAA34131536966681FC9B46E029A7A6E8C3995486C2E0E0087E11C9FD2F96FE638FF72AD39796B060E07B2AE69457A311FED579669
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):322260
                                                                                                                                                Entropy (8bit):4.000299760592446
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                                                                                                                MD5:CC90D669144261B198DEAD45AA266572
                                                                                                                                                SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                                                                                                                SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                                                                                                                SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):10
                                                                                                                                                Entropy (8bit):2.321928094887362
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:LoWUI:MWUI
                                                                                                                                                MD5:7C02BC12A7F8332FE8FAE703BA6CB161
                                                                                                                                                SHA1:E0C3C42A63688FA9108E32578AA9D1D35C2BF942
                                                                                                                                                SHA-256:11449701C9EC192DC1672FE42EE027706064A171DF5187EDCF433C921F70B9DF
                                                                                                                                                SHA-512:FF88C20922C9D2C6B58A2EA24C4105513A716709FF8C06090F171CB15DD1EE79444A6D1409224D279C9337D5CC03B8C41156269BF3D6689E8F50CF20B14821C4
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:1714031917
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):166203
                                                                                                                                                Entropy (8bit):5.340937124348652
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:k+C7FPgOsB3U9guwwJQ9DQA+zqzhQik4F77nXmvYd8XRTEwreOR6g:ZIQ9DQA+zqzMXeMJ
                                                                                                                                                MD5:37463467BA1384D06893930F40C0B7A2
                                                                                                                                                SHA1:11EF52D4A1B1C8C3C51206310536B11F5B81170D
                                                                                                                                                SHA-256:8B1D082B74D0CBCA55BE6DEA14EB4B62028AE51A5967A7C7B8109199D78E7F92
                                                                                                                                                SHA-512:A981151F69E6005747489895D9CD66A29B7B95181048E7CD911EB575C415E9C5D8BF5B81F676F47824F0B2293AF82A3CAC34F7F5D4511FF2B46A2C01E718532A
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-04-25T07:58:35">.. Build: 16.0.17609.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuth
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4096
                                                                                                                                                Entropy (8bit):0.09304735440217722
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
                                                                                                                                                MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                                                                                                                                                SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                                                                                                                                                SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                                                                                                                                                SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:SQLite Rollback Journal
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4616
                                                                                                                                                Entropy (8bit):0.1384465837476566
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:7FEG2l+ersH/FllkpMRgSWbNFl/sl+ltlslN04l9Xlleh:7+/laBg9bNFlEs1E39Gh
                                                                                                                                                MD5:82AEECB60E84CC20B31263A6D1C5BE65
                                                                                                                                                SHA1:6AB57EDA11D9345729F989E480662C3E17BF462C
                                                                                                                                                SHA-256:202232B70C432A3E9FEF72242225817F48383FFF3BF293C334243AA7E9823F48
                                                                                                                                                SHA-512:B022DAE26C403F6878BC55F3795EF1FE66F14EBE893E6EE5466F220BA8DF18F1C0D4DCBA883D3375256E129DA935D7D5FDE2D8A57C0A57DA352F051D125FC28B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):32768
                                                                                                                                                Entropy (8bit):0.04474441261042196
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:G4l277FyyHPDNl277FyyHPZ/ulL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l27BRH5l27BRHAL9XXPH4l942U
                                                                                                                                                MD5:DA9BCCC40BD7ECBCCB559E95FBA4AD2B
                                                                                                                                                SHA1:9906CE1418AA2BD31CD96E580B27D52D1E85F066
                                                                                                                                                SHA-256:6D548E89EEE47AC410FE62AFA5502FBCA63F8B2D50C391530356BC969A2A7DCE
                                                                                                                                                SHA-512:8B97EA9C9ACE8CAFB9CA0243C85D23491B7E2BB1F4AA5AB4ECDEF461716EC302B266EBCD6E5840A66E2EDED0C6C537912E6DBA9A09698690CEBDDB257B03FC34
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):45352
                                                                                                                                                Entropy (8bit):0.39267576199494236
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:KrwlQMIzRDG+snill7DBtDi4kZERDFXxqt8VtbDBtDi4kZERDRjjnl:2wQjqnill7DYMJXxO8VFDYMdjjnl
                                                                                                                                                MD5:B3AFF29ABD04B56D03498F543446047F
                                                                                                                                                SHA1:7A5C011AA43217CAE230DB59384613C38A341EC9
                                                                                                                                                SHA-256:73B357503972C9AF6C163F471FD510BECAF47F3B0D2FA45EF8DF87F6BFDC80A4
                                                                                                                                                SHA-512:E6AF4B68B8433C6526B477C746DFD247BD33FC187A4F35754945482732A5D6672B24C3868C92A0D64254FADA1816C90A4611926B573965FD14197F6494E92A15
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:PNG image data, 323 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):75201
                                                                                                                                                Entropy (8bit):7.988043572403983
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:3HgnuW19mphqul+LaleY6HE/P5GJ8/6FVij3BgqAGLpeKnW9WCzdNsnRjA:3Y9mzqulFkY6H05GJ8/+u32qnWxURjA
                                                                                                                                                MD5:ABC808D97D2A240FE0C612FC88488EDC
                                                                                                                                                SHA1:36962DEA0B92D7203EFA17A4CF20B032F2D18E7E
                                                                                                                                                SHA-256:86D82D53B9EC1E5C5520B90E7533727F02374A64642FBC9267C33031F2E696A2
                                                                                                                                                SHA-512:BA62EEE9801694D6D8A48E35E3955CE98987FD60390058DA12F2946236258BA476D2684CA659580C72BEDA27DC960D6188810DF069E66B783503F2CFD88F0FD5
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:PNG image data, 2501 x 834, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):148458
                                                                                                                                                Entropy (8bit):7.920064153393467
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:MD4FQtlXqnLMexh5xrxm783H/Wo7P+95b1WvvSbttphr17sqLqj/olxcTR:McE65xh3tmwT765b1IvSvpVFfWol6
                                                                                                                                                MD5:1710260961464DFD7AAEC4FA9E9BE701
                                                                                                                                                SHA1:2BFF6FD5AE03EBC5909A538709A4CE9F9A996E0F
                                                                                                                                                SHA-256:3E8E1309726E35B26819623B33EBBBBF663C0FABD07780CB1B526FB34F376BD6
                                                                                                                                                SHA-512:6BB889A0CF9CFBBB27A52B543445ACE9D6512855DEE3B00349A958A65742EC51A555DFE7F5CBD47959FB8ECBD4CEF0E4C405E0E39A4DBDF6DE07BD29F0908FDE
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:PNG image data, 323 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):75201
                                                                                                                                                Entropy (8bit):7.988043572403983
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:3HgnuW19mphqul+LaleY6HE/P5GJ8/6FVij3BgqAGLpeKnW9WCzdNsnRjA:3Y9mzqulFkY6H05GJ8/+u32qnWxURjA
                                                                                                                                                MD5:ABC808D97D2A240FE0C612FC88488EDC
                                                                                                                                                SHA1:36962DEA0B92D7203EFA17A4CF20B032F2D18E7E
                                                                                                                                                SHA-256:86D82D53B9EC1E5C5520B90E7533727F02374A64642FBC9267C33031F2E696A2
                                                                                                                                                SHA-512:BA62EEE9801694D6D8A48E35E3955CE98987FD60390058DA12F2946236258BA476D2684CA659580C72BEDA27DC960D6188810DF069E66B783503F2CFD88F0FD5
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:PNG image data, 2501 x 834, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):153452
                                                                                                                                                Entropy (8bit):7.944610245861422
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:KSrQTva6KUo7h/6AVitreCcaT3u1HqXGBK2x5w6ZuO/DpiKo0+EaGGfMMAxp:KSria6KRh/R8teeiJF49KliKT+YwEp
                                                                                                                                                MD5:30F11FDCBF3ACA711869AF197D9B9A45
                                                                                                                                                SHA1:4A5CFDC015473B8F2BA2B7B552A1C7981ACD7FC9
                                                                                                                                                SHA-256:90AC84B2EEB900C8E1EA157C5F9BD6A6A6D67A4C5279E8D092BCA9BE0657F53C
                                                                                                                                                SHA-512:B69E2B293C546E613CC990922C3E35EAE32E360C4F31E0E5B38C75A9A31B75BB475A28687381120291CFF55DC13335E1B705DAA215225D03D5310DBC64CAB140
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):35568
                                                                                                                                                Entropy (8bit):3.438680271017796
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:ST90IrSCbCJyQjVy5AMVItQEXMhSkClmpyAZIAaEA1YzVH:SR0I52JyVdImmLlVUIi1
                                                                                                                                                MD5:F004A7151837B0FF02AA6797A76E6FA7
                                                                                                                                                SHA1:51F777827BF2FA74045215221E81C1D239BED143
                                                                                                                                                SHA-256:9B6F986E10E25CA0AFD4E012F697AF314AEAF0B46944A193BA285D4176DA280A
                                                                                                                                                SHA-512:56A0C385F7DF10C6968F1B95CFEEF78031B242085613268CACE1C002745D43EB01AF3D5432C56E2AF85E90F0107DB14BFCCD5915CA5C4D2E86F243FF32B0D355
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:....D.e.a.r. .M.u.s.t.a.f.a.,.......T.h.i.s. .i.s. .t.o. .a.c.k.n.o.w.l.e.d.g.e. .t.h.e. .r.e.c.e.i.p.t. .o.f. .y.o.u.r. .p.a.y.m.e.n.t. .f.o.r. .t.h.e. .r.e.f.u.n.d.a.b.l.e. .s.e.c.u.r.i.t.y...d.e.p.o.s.i.t.,. .w.e. .h.a.v.e. .s.t.a.r.t.e.d. .t.h.e. .p.r.o.c.e.s.s. .o.f. .y.o.u.r. .c.o.m.p.a.n.y. .r.e.g.i.s.t.r.a.t.i.o.n. .a.n.d. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u...p.o.s.t.e.d...........B.e.s.t. .R.e.g.a.r.d.s.,...L.o.u.i.s. .J.a.c.k.s.o.n.,............................................................................... ...$...................v...........$...Z...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:ASCII text, with very long lines (28725), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):20971520
                                                                                                                                                Entropy (8bit):0.16336531343468003
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:HEXcdz/zn8TqeC/aER9KjEz6PC+lHRIla/skfjK/Qw/K6UUFr6VLGBB:zrz8rC/BqrT
                                                                                                                                                MD5:05E1BA40E46D7653A2043E2A86732627
                                                                                                                                                SHA1:DA46537E7425820818EC374FBDF67A255292D882
                                                                                                                                                SHA-256:0D449885136A78FDC5E5C6498D4FA50A0FC3FB4C380751B7ECB604D0777C7826
                                                                                                                                                SHA-512:9C221B0A55DA74DD0E6B6D9CAABC2B8775FFEA09F94325C788C81B7FCD4FA58B2087C7E71F510B14DE3AF4DC5899EAD007150C459801E304B7D926ADBB847433
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..04/25/2024 07:58:33.729.OUTLOOK (0x8B4).0x5C0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-04-25T07:58:33.729Z","Contract":"Office.System.Activity","Activity.CV":"+f8QnBe7z0+Ik3YOBJRKVg.4.9","Activity.Duration":18,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...04/25/2024 07:58:33.745.OUTLOOK (0x8B4).0x5C0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-04-25T07:58:33.745Z","Contract":"Office.System.Activity","Activity.CV":"+f8QnBe7z0+Ik3YOBJRKVg.4.10","Activity.Duration":11039,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVersi
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):20971520
                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3::
                                                                                                                                                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):94208
                                                                                                                                                Entropy (8bit):4.456801273976187
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:YMIoAuJqDj/4XSDRMgz4eeO95p1X4RX3rNV4zhWPWLWCWd:GhQQ4ex95p1X0r3
                                                                                                                                                MD5:10DC08D0C995C37C27D979BDB1F20893
                                                                                                                                                SHA1:6F2E77ACD8C16ADFB4369A6AE7348C54D480F4F6
                                                                                                                                                SHA-256:C9CF4DB703ACC9F0F3663FDE0C1E6D54040545F67D3CC73743B186634F88B480
                                                                                                                                                SHA-512:C9100849D4D00A12E00F452323321190FE71B2927018F3FAE0B826375484223176F369406AB811AC41C8EFBDD8ACA8B26EF1DF9ABC7AABEEC7122F79B55C0192
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............................................................................b...........$.^...................eJ..............Zb..2.......................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1............................................................M.J............$.^...........v.2._.O.U.T.L.O.O.K.:.8.b.4.:.2.c.6.b.d.0.9.6.c.0.8.0.4.4.d.d.a.5.b.7.0.9.2.0.7.f.e.5.4.0.e.f...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.4.2.5.T.0.9.5.8.3.3.0.4.6.4.-.2.2.2.8...e.t.l.............P.P.........$.^...................................................................................................................................................................................................................................................................................................
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):163840
                                                                                                                                                Entropy (8bit):0.3293556180551182
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:K+GmCyNKot4dr8B1qCHJABNgz0XHWQOAIAbAFAqwNh/:KiCvr87FHiUz0XHOAIMu
                                                                                                                                                MD5:7EB40CA6473CEB3BCED75C6CF45F711A
                                                                                                                                                SHA1:6B8BBB63D5DC5F3EFFCB8B99D6BAB54EDF3FA8DB
                                                                                                                                                SHA-256:0CDD46AC824F28D435AF6EFDBF2C2D7B9B64E84B68924F2C4CA802AEF694C663
                                                                                                                                                SHA-512:9F68B6C722347505B3CD3E4DA4D805A0644ECC0CBF5B4154DC7FA6A3009D5E7046C65447D2E9E3C55D48068197ED348996B22532FC0EF3E2CD095FDF77D859BB
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):30
                                                                                                                                                Entropy (8bit):1.2389205950315936
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:lUIv:OI
                                                                                                                                                MD5:E39D34C8D5AFD4DF97518DC362311632
                                                                                                                                                SHA1:74486E3319B9D138D95F381A9D94FD617E83DC81
                                                                                                                                                SHA-256:B31BFE441F1830951B5E088D9E0A54B917C679F0583979B6686FDC0F702CC1B4
                                                                                                                                                SHA-512:0DDC689AD434642163A2ED13A8768CB4348933EC32CCB5C4A877268FC1B5214A7F5C0C43CA4FEA78CAD889636F7E7FC8DAD4A2409D55CEE5AC74C5AF809642A6
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:....R1........................
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):16384
                                                                                                                                                Entropy (8bit):0.6697968374591129
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:rl3baFg3sqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCqO:rVPmnq1Py961J
                                                                                                                                                MD5:99F8A9514EFCF8DF817E8D981D5C2C3D
                                                                                                                                                SHA1:CD050D453D71CF65DBB0F6F6CBB2CD1EFD1E04E5
                                                                                                                                                SHA-256:B8D3A1A861D3041F3B03A9AA95CB4A16DED0E6287337518FD45641BC9752A2C0
                                                                                                                                                SHA-512:F6A61135F94B3C8A1A54C91F0C806A486D998497C5AB100714A455DCD5209F99AC47BBD8598D6EFD9A095385A7D6640F5BB5D2664791FEEE31EDF4F807611433
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:Microsoft Outlook email folder (>=2003)
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):271360
                                                                                                                                                Entropy (8bit):1.465824521169479
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:9QcOSzA61tMLTrC+GHLvEDXlZFO9C4GPqBfH8BUTIZ:/NtMCHLv8YwYfHeNZ
                                                                                                                                                MD5:EB341F8EEF7ACC808A414A1D00B64F82
                                                                                                                                                SHA1:A399A67DA4A315638998F7EB24085DE73299EE2A
                                                                                                                                                SHA-256:875FFCA5B52F3A8D16AC2E6D232C59175F0FE3775239AA926B2728E7D796A304
                                                                                                                                                SHA-512:E9FD0BD18B5E2A42C36813548519DC120850EBA33F412879BDDC7271846175EDC1EF778D3B268CE5A6454C72EBAD4D0132F05624CCD6846E4A23C88E9CE3BEA4
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):131072
                                                                                                                                                Entropy (8bit):0.6402359229736607
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:G80DwjTIoOJMeGjdpj7u4ihaUsl7IDA4Pi1R4340Tz:TjTIXJeyDQl7uAT1R8
                                                                                                                                                MD5:80905D1A0FB466F4BBC3A32328DC2958
                                                                                                                                                SHA1:54E107A752957BFE98FCDC207D5CCA8E935EC515
                                                                                                                                                SHA-256:57BC7AF05052D8CE24113922AFDEDE5BA5B296E844B3D0FE47A9A24128CADEFB
                                                                                                                                                SHA-512:6788148630CA8B499AE38A59DE0154FA317AB7C4E4BFBFD4F412F610D8E1D00E2EF383AB0C3796CBFF0306EA99A3AC96AD96EE113CEC3B11DCF640C17C5706F2
                                                                                                                                                Malicious:false
                                                                                                                                                File type:CDFV2 Microsoft Outlook Message
                                                                                                                                                Entropy (8bit):7.79747393765195
                                                                                                                                                TrID:
                                                                                                                                                • Outlook Message (71009/1) 45.36%
                                                                                                                                                • Outlook Form Template (41509/1) 26.51%
                                                                                                                                                • Perfect Keyboard macro set (36024/1) 23.01%
                                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 5.12%
                                                                                                                                                File name:Re_ ITT-Glass_Vendors Registration (13).msg
                                                                                                                                                File size:851'456 bytes
                                                                                                                                                MD5:76fbe38d38030893d0ae0f1d9581a0e2
                                                                                                                                                SHA1:a6cca0322b847a5c9482d35e3fc13788aebdbba1
                                                                                                                                                SHA256:a3d40a30f9880ab069148355d313997a7a5efdbeac71bb767776ba64001c4543
                                                                                                                                                SHA512:728fd0f19de77103e2557a907aef7a8deefef89633543febc15b44de005d37db0d1815c8ec12b37fd69925a17ac7c1e35d133024ae9ce573532fdbddec67562b
                                                                                                                                                SSDEEP:12288:39m9b5MaKRD2W7ei8NKzx2W7ei8NKz0b5MaKRncE6LFH7qq0pvlkb5MaKRzb5Mai:0oFD2ieN8x2ieN8VFaZbD0p9FFaF
                                                                                                                                                TLSH:8905F1167AFBC716FC7BAA308DF65B9345773C819DB8805AA1A0730D89F2E50C4A0B57
                                                                                                                                                Subject:Re: ITT-Glass/Vendors Registration
                                                                                                                                                From:Dubai Properties <bids@dp-vendors.com>
                                                                                                                                                To:"mustafa@glassworld.ae" <mustafa@glassworld.ae>
                                                                                                                                                Cc:"huzaifa@glassworld.ae" <huzaifa@glassworld.ae>
                                                                                                                                                BCC:"huzaifa@glassworld.ae" <huzaifa@glassworld.ae>
                                                                                                                                                Date:Mon, 11 Mar 2024 13:22:40 +0100
                                                                                                                                                Communications:
                                                                                                                                                • Dear Mustafa, This is to acknowledge the receipt of your payment for the refundable security deposit, we have started the process of your company registration and we will keep you posted. Best Regards, Louis Jackson, General Manager/Vendors/Supplier Relation Management Dept. Dubai Properties L.L.C. Vision Tower, 10th floor, Al Khaleej Al Tejari 1 Stree Dubai Email: bids@dp-vendors.com Tel: +971 525569382 Fax: +971 4771 3600 ________________________________
                                                                                                                                                • From: mustafa@glassworld.ae <mustafa@glassworld.ae> Sent: Monday, March 11, 2024 10:50 AM To: Dubai Properties <bids@dp-vendors.com> Cc: huzaifa@glassworld.ae <huzaifa@glassworld.ae> Subject: RE: ITT-Glass/Vendors Registration Good Morning Sir !!! Please find the attach bank transfer details for the refundable security deposit. Regards,
                                                                                                                                                • From: mustafa@glassworld.ae <mustafa@glassworld.ae> Sent: Monday, March 11, 2024 9:54 AM To: 'Dubai Properties' <bids@dp-vendors.com> Cc: huzaifa@glassworld.ae Subject: RE: ITT-Glass/Vendors Registration Good Morning !!! We have received the your bank account details and will be transferring security deposits amount today. Once its done will update you accordingly. Regards,
                                                                                                                                                • From: Dubai Properties <bids@dp-vendors.com <mailto:bids@dp-vendors.com> > Sent: Monday, March 11, 2024 9:47 AM To: huzaifa@glassworld.ae <mailto:huzaifa@glassworld.ae> ; 'GLASS WORLD ' <sales@glassworld.ae <mailto:sales@glassworld.ae> > Cc: 'Mustafa Rajpurwala' <mustafa@glassworldindustries.com <mailto:mustafa@glassworldindustries.com> > Subject: Re: ITT-Glass/Vendors Registration Greetings from Dubai Properties! Kindly confirm if you received our bank details as you requested for the refundable security deposit. We have received your complete documents; we will proceed with the registration once we receive your payment. We wait for your feedback. Best Regards, Louis Jackson General Manager/Vendors/Supplier Relation Management Dept. Dubai Properties L.L.C. Vision Tower, 10th floor, Al Khaleej Al Tejari 1 Stree Dubai Email: bids@dp-vendors.com <mailto:bids@dp-vendors.com> Tel: +971 525569382 Fax: +971 4771 3600 ________________________________
                                                                                                                                                • From: huzaifa@glassworld.ae <mailto:huzaifa@glassworld.ae> <huzaifa@glassworld.ae <mailto:huzaifa@glassworld.ae> > Sent: Saturday, March 9, 2024 3:45 PM To: Dubai Properties <bids@dp-vendors.com <mailto:bids@dp-vendors.com> >; 'GLASS WORLD ' <sales@glassworld.ae <mailto:sales@glassworld.ae> > Cc: 'Mustafa Rajpurwala' <mustafa@glassworldindustries.com <mailto:mustafa@glassworldindustries.com> > Subject: RE: ITT-Glass/Vendors Registration Dear Louis, Greetings, Please find the Attached Trade License. Thanks & Regards,
                                                                                                                                                • From: Dubai Properties <bids@dp-vendors.com <mailto:bids@dp-vendors.com> > Sent: Saturday, March 9, 2024 3:12 PM To: GLASS WORLD <sales@glassworld.ae <mailto:sales@glassworld.ae> > Cc: 'Mustafa Rajpurwala' <mustafa@glassworldindustries.com <mailto:mustafa@glassworldindustries.com> >; huzaifa@glassworld.ae <mailto:huzaifa@glassworld.ae> Subject: Re: ITT-Glass/Vendors Registration Greetings from Dubai Properties L.L.C.! This is to acknowledge the receipt of your email with your filled form, kindly send us your Company Trade License Copy. As you requested, kindly see our bank details in the below attachments. The application deposit must be remitted directly to our DP's bank through Digital Banking Transfer or ATM Cash Deposit only. (1) An Invoice with bank details of Dubai Properties L.L.C. (2) Declaration Letter from Dubai Properties L.L.C covering the proposed refundable application fees after two weeks. We recommend you provide us proof of payment once the refundable deposit is sent to our DP's bank account for proper record and to proceed with the registration. Best Regards, Louis Jackson, General Manager/Vendors/Supplier Relation Management Dept. Dubai Properties L.L.C. Vision Tower, 10th floor, Al Khaleej Al Tejari 1 Stree Dubai Email: bids@dp-vendors.com <mailto:bids@dp-vendors.com> Tel: +971 525569382 Fax: +971 4771 3600 ________________________________
                                                                                                                                                • From: GLASS WORLD <sales@glassworld.ae <mailto:sales@glassworld.ae> > Sent: Saturday, March 9, 2024 10:15 AM To: Dubai Properties <bids@dp-vendors.com <mailto:bids@dp-vendors.com> > Cc: 'Mustafa Rajpurwala' <mustafa@glassworldindustries.com <mailto:mustafa@glassworldindustries.com> >; huzaifa@glassworld.ae <mailto:huzaifa@glassworld.ae> <huzaifa@glassworld.ae <mailto:huzaifa@glassworld.ae> > Subject: RE: ITT-Glass/Vendors Registration Dear Louis, Good Morning!! Please find attached Forms filled as per the instructions & Company Trade License Copy. Please provide us your Bank Details for the EOI Mandatory Registration Refundable Deposit. Please let us know if there are any other documents needed for this registration process. Thanks & regards.
                                                                                                                                                • From: Dubai Properties <bids@dp-vendors.com <mailto:bids@dp-vendors.com> > Sent: Thursday, March 7, 2024 10:39 AM To: sales@glassworld.ae <mailto:sales@glassworld.ae> Subject: ITT-Glass/Vendors Registration Greetings from Dubai Properties. Notice for vendors registration/update, Dubai Properties is a Dubai based real estate pioneer developer. Dubai Properties oversees a varied development portfolio of residential, commercial, retail and hospitality projects across Dubai, creating opportunities for real estate investors and residents. Dubai Properties has a strong pipeline of current and future projects tailored to meet the needs of real estate investors in the region, including Mudon Community and Remraam in DUBAILAND, Manazel Al Khor and Dubai Wharf located at Dubai Creek. Dubai Properties have signed a loan of AED2.5 billion (Two Billion Five Hundred Million Emirates Dirham) in collabration of Dubai Government with (Abu Dhabi Commercial Bank PJSC) to facility our Mega Projects and invite you to submit an Expression of Interest ("EOI) for shortlisting as Eligible Bidder to be provided with the Tender Package/RFP to submit a Tender/Proposal for the following works and services. Note: We are starting projects of housing units here in Dubai UAE, we are building 1000 Units of Duplex Apartments, 20 High Rise building containing Residential Apartments and Offices, Construction of Roads & Glass Works etc. This mega project will kick off by next of April 2024, the project details, subject & various locations will be review to you upon the completion of the registration. 
The purpose of this, is to enable prospective Contractors/Vendors and exiting vendors, who are interested in receiving the Invitation to Tender (ITT) or Request for Quotation(RFQ), to provide us with sufficient information, all the companies in UAE is allowed to register and pasticipate in Tender Package/RFP. If you have intention to participate on the process, please confirm your interest by filling and signing the Expression of Interest Letter" attached below with this email and return same to us not later than 11th March 2024 via bids@dp-vendors.com <mailto:bids@dp-vendors.com> as confirmation of your intention to submit your Registration Application/ Company documents on or before the deadline 14th March 2024. We appreciate your interest in this invitation, and look forward to your early response. Best Regards, Louis Jackson, General Manager/Vendors/Supplier Relation Management Dept. Dubai Properties L.L.C. Vision Tower, 10th floor, Al Khaleej Al Tejari 1 Stree Dubai Email: bids@dp-vendors.com <mailto:bids@dp-vendors.com> Tel: +971 525569382 Fax: +971 4771 3600
                                                                                                                                                Attachments:
                                                                                                                                                • Outlook-ded4e0vo.png
                                                                                                                                                • Outlook-uhjydga0.png
                                                                                                                                                • Outlook-cxayrjmu.png
                                                                                                                                                • Outlook-kgniut2k.png
                                                                                                                                                • Outlook-dpgdgpv3.png
                                                                                                                                                • Outlook-4ahxt3c2.png
                                                                                                                                                • Outlook-dgtlat3g.png
                                                                                                                                                Key Value
                                                                                                                                                Delivered-To: mustafa@glassworld.ae
                                                                                                                                                Received: from CTXP275MB0328.ZAFP275.PROD.OUTLOOK.COM
                                                                                                                                                Mon, 11 Mar 2024 05:22:49 -0700 (PDT)
                                                                                                                                                X-Google-Smtp-Source: AGHT+IEo/BFj4jenj3jPYZL2MWQRunQplDrWQFwNUIizvOcybepM04SvZU/f4u5QUf6V56NxavRf
                                                                                                                                                X-Received: by 2002:ae9:e106:0:b0:788:5f38:de06 with SMTP id g6-20020ae9e106000000b007885f38de06mr387797qkm.1.1710159769557;
                                                                                                                                                ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
                                                                                                                                                ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
                                                                                                                                                h=mime-version:msip_labels:content-language:accept-language
                                                                                                                                                subject:cc:to:from;
                                                                                                                                                ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
                                                                                                                                                spf=pass (google.com: domain of bids@dp-vendors.com designates 2a01:111:f403:c208::3 as permitted sender) smtp.mailfrom=bids@dp-vendors.com
                                                                                                                                                Return-Path: <bids@dp-vendors.com>
                                                                                                                                                Received-SPF: pass (google.com: domain of bids@dp-vendors.com designates 2a01:111:f403:c208::3 as permitted sender) client-ip=2a01:111:f403:c208::3;
                                                                                                                                                Authentication-Results: mx.google.com;
                                                                                                                                                h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
                                                                                                                                                JN2P275MB0602.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:7::6) with Microsoft SMTP
                                                                                                                                                15.20.7362.35; Mon, 11 Mar 2024 12:22:40 +0000
                                                                                                                                                ([fe80::e50b:5788:85b8:fbac%4]) with mapi id 15.20.7362.035; Mon, 11 Mar 2024
                                                                                                                                                12:22:40 +0000
                                                                                                                                                From: Dubai Properties <bids@dp-vendors.com>
                                                                                                                                                To: "mustafa@glassworld.ae" <mustafa@glassworld.ae>
                                                                                                                                                CC: "huzaifa@glassworld.ae" <huzaifa@glassworld.ae>
                                                                                                                                                Subject: Re: ITT-Glass/Vendors Registration
                                                                                                                                                Thread-Topic: ITT-Glass/Vendors Registration
                                                                                                                                                Thread-Index: AQHacFoQVAenmkxXJEWEpdYRmVlwD7Eu8ZSAgABRELGAAAtOgIACv6Q/gAACu4CAAA+qgIAAXHoz
                                                                                                                                                Date: Mon, 11 Mar 2024 12:22:40 +0000
                                                                                                                                                Message-ID: <CTXP275MB0328530003EE8114DD5441FBE7242@CTXP275MB0328.ZAFP275.PROD.OUTLOOK.COM>
                                                                                                                                                References: <CTXP275MB0328600B710B1396ECA61889E7202@CTXP275MB0328.ZAFP275.PROD.OUTLOOK.COM>
                                                                                                                                                In-Reply-To: <000801da7380$5958c950$0c0a5bf0$@glassworld.ae>
                                                                                                                                                Accept-Language: en-US
                                                                                                                                                Content-Language: en-US
                                                                                                                                                X-MS-Has-Attach: yes
                                                                                                                                                X-MS-TNEF-Correlator: msip_labels:
                                                                                                                                                authentication-results: dkim=none (message not signed)
                                                                                                                                                x-ms-publictraffictype: Email
                                                                                                                                                x-ms-traffictypediagnostic: CTXP275MB0328:EE_|JN2P275MB0602:EE_
                                                                                                                                                x-ms-office365-filtering-correlation-id: b714498e-a9cb-4d1b-89ba-08dc41c5f203
                                                                                                                                                x-ms-exchange-senderadcheck: 1
                                                                                                                                                x-ms-exchange-antispam-relay: 0
                                                                                                                                                x-microsoft-antispam: BCL:0;
                                                                                                                                                x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CTXP275MB0328.ZAFP275.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(1800799015)(586008)(376005)(38070700009);DIR:OUT;SFP:1102;
                                                                                                                                                x-ms-exchange-antispam-messagedata-chunkcount: 1
                                                                                                                                                x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?qMGrq+rpTeX2CPJ3eszBgO1dqw2vTcbSUUxpWLy3ewHXxlyG4ySCdukT?=
                                                                                                                                                Content-Type: multipart/related;
                                                                                                                                                MIME-Version: 1.0
                                                                                                                                                X-OriginatorOrg: dp-vendors.com
                                                                                                                                                X-MS-Exchange-CrossTenant-AuthAs: Internal
                                                                                                                                                X-MS-Exchange-CrossTenant-AuthSource: CTXP275MB0328.ZAFP275.PROD.OUTLOOK.COM
                                                                                                                                                X-MS-Exchange-CrossTenant-Network-Message-Id: b714498e-a9cb-4d1b-89ba-08dc41c5f203
                                                                                                                                                X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Mar 2024 12:22:40.4301
                                                                                                                                                X-MS-Exchange-CrossTenant-fromentityheader: Hosted
                                                                                                                                                X-MS-Exchange-CrossTenant-id: d1f03d93-4c89-4169-9f90-16d3f6385cfb
                                                                                                                                                X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
                                                                                                                                                X-MS-Exchange-CrossTenant-userprincipalname: nfGYHVE227by6zxNa6SfFI5511ljcHIkNsgn2ErEood1UBdcWU3OqPZlKhBXGa8WKsxLOCybw/4Fh5DEtmvyCw==
                                                                                                                                                X-MS-Exchange-Transport-CrossTenantHeadersStamped: JN2P275MB0602
                                                                                                                                                date: Mon, 11 Mar 2024 13:22:40 +0100

                                                                                                                                                Icon Hash:c4e1928eacb280a2
                                                                                                                                                No network behavior found


                                                                                                                                                Target ID:1
                                                                                                                                                Start time:09:58:33
                                                                                                                                                Start date:25/04/2024
                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Re_ ITT-Glass_Vendors Registration (13).msg"
                                                                                                                                                Imagebase:0xbb0000
                                                                                                                                                File size:34'446'744 bytes
                                                                                                                                                MD5 hash:91A5292942864110ED734005B7E005C0
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:false

                                                                                                                                                Target ID:2
                                                                                                                                                Start time:09:58:35
                                                                                                                                                Start date:25/04/2024
                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4C91DE6C-012E-40FA-B6E4-4A916357AA90" "AB6D7A72-3249-4203-8659-587BA1FE438F" "2228" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                                                                                                Imagebase:0x7ff726840000
                                                                                                                                                File size:710'048 bytes
                                                                                                                                                MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:false

                                                                                                                                                No disassembly