Windows Analysis Report
FW EXTERNAL Check Approval.msg

ID:	1438587
Product:	CloudBasic
Start time:	21:38:02
Start date:	08.05.2024
Sample:	FW EXTERNAL Check Approval.msg
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	2404b6f740334e48899b59783285106e
SHA1:	f759a8f89d6d5feeb8e8f1587a31437582b6708e
SHA256:	0250eb1de58e9c5baf2319df43c4f156c462c7f83309929af349d0dcb623efa8
Filetype:	Outlook Message (71009/1) 58.92%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT	data	BB71FD620BED0DAA1484E5FD11E81F49	1FF26FF7B56137FD8DAAD1A9A7925141DAA8B169	F42932F737602E9CD64D850C6C2DC97E74107F09CCA59DB9E13B7D1B4AFB480C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0A6BBFC8-B0DF-4BD2-8BC5-514058BBE8D7	XML 1.0 document, ASCII text, with CRLF line terminators	3769FA6A3C68D5F6E6630710E903CDCB	7E3A646410DD4D41AF4A1775D0697F53317F90D0	73B41F25029B96A3996F4FA6C012C1144FE3D22E08FAC9C576308287B38FC0CD
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm	data	B4220672CFEC6141013908FDDEEC0F1B	B9CA97A3836675A96788A5B15F9FDD000292C72E	BBB8DAA62C08C140B942AC1D9421A8C9FD57DA77618698F48578FACDFB285303
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal	SQLite Write-Ahead Log, version 3007000	E9171D5E52E36CB4300875D412A4748F	2F9578DE279F5EF55CB7F201AF8D1F24BB66BFCC	BB5243F8E629A3C82F802BD9E34D95B4E387EE07B34AA62DE15D8839CBBBA090
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\48DE0F66.dat	PNG image data, 265 x 52, 8-bit/color RGBA, non-interlaced	2CA36B299B426D9E3A725B1F6FA3C208	4084533929AAF4C7CD029C1650AC146252165AC3	A539AC1E529EE352397B7183E74495CCF3D28089DB7DC95776CF646B957F6D2D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{A6726D85-151E-4917-BA33-FAD27D55F161}.tmp	data	C9A0F1A895A79C369DCAADBD5B0A3361	2D07C63463C4A46A6130D98D877F0B5D8837B51A	7A41F5E37063A0BCDAE29D585B1FF7BE87AF584B52B7D8BBF438EF862DDC3AB4
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1715197116333350000_17045F0C-FBE2-4641-AB67-001D016ADAA3.log	ASCII text, with very long lines (28758), with CRLF line terminators	2ABB1047E51CD89F921CEC31794A2F31	0AF8554E039F22EE34495989C2F6947A843ED61F	97511C8F7E849E46A8380DC02C02DD8455B4E752B382D8CA004E65F397E4201D
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1715197116334121900_17045F0C-FBE2-4641-AB67-001D016ADAA3.log	data	8F4E33F3DC3E414FF94E5FB6905CBA8C	9674344C90C2F0646F0B78026E127C9B86E3AD77	CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240508T2138360153-6492.etl	data	F28112D9A34FC98410FBF94FDABF863E	4C3C97D5FE01DDB1BF4086CC1F5AA596689331B6	2E706BBFB8DA028A01BECFA7D6B5EFE6BC5BE7DBBF5AFB8069C4AF2879725A30
C:\Users\user\AppData\Local\Temp\~DF684BABB34DC80CE0.TMP	data	AAD34336BF21D46BEEE5FAB1D605D489	803144488140E18B18BBAEA43B3D92C829688ED2	F578FF960BE3087F5EF935BC39FE73F33A06F7777B7A8F49E01D4D41D8A3C960
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl	data	3C8209FB8320F928A91057F7F721A88E	A04B6040AB8C20BF7C3415A056D47DD57E64B933	48D30025BDAEBCCE5AECC04B671A03AA47FE8CD396D67DCDC831BECCD4A49B0E
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC	Unicode text, UTF-16, little-endian text, with CRLF line terminators	C5A12EA2F9C2D2A79155C1BC161C350C	75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A	61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:38:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F7F56C52A623F896CF729D9CABB4DB89	061385EAE92EF922BDED7BE6A60996FD9D034C7D	54617AEADE70B64EED6A653C80EEDA10C19CBEF4F5C77D58987D0CDCE7D32ABF
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:38:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8FFBAF2D1CE8567600B572A2F865F46F	8F0823B0D78D9F4EB81E7AECCD5A9C31C513F0EC	24630321BD68726604B3757EC39E65DBFA12269E412EC41313DFFFDB97078732
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	44F872ABF2EA23E30505D57B196C122D	4BB0E0F58F0BE7906F9114144C90B30DF19EE11E	42A243286E1EF795AA72A20F0DB6F9171F8C6F62C8B9B5C197DEA8EB981BBDD3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:38:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	802493696A783391E34FC75CA987167B	6A268C49B7901B159778794EBDAE824A530F2A1E	2ADD0D6D878F54AD09E2B4BC40C7BC07F3E8F6B23A4D4EF7F6183EAE2515D5A9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:38:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	87676106F131E345A155CCC85555F05F	1843D1D7BAE90DCBB5E17709D575EC09D15F9024	7CE71A0F298B44C0290292165686F0F387993B773A1130694B92A028429D0731
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:38:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	924650CB148A6A5A27A84038E28D3CCE	CFADA92DFDD0A1A4FAE2C97FB6921EF352AA6F3C	E0B70EE90397827161276C516BB0BF1B651E2E857B6F9A19C2E5BEE5513C71B4
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst	Microsoft Outlook email folder (>=2003)	923641B6192D72315D4B8E5292D022CB	E4D62C73C223CFA0FAB8395471C559302E88E502	34EDB36773EE5F1951C7A727395FAA25AF5E5FB781FB438DDA9A3E1F0DDEDE63
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp	data	1B68BFB2258D7C7A018E107ACDA93FF8	6D02AF6F4A9A7C2F064EA00E96FEC73D31BBDDB3	0C5DD5AAE9CA11BEFD147EEE7F03DDDF84A9C331BB604DAA1671C84D17C5A7F5
Chrome Cache Entry: 71	ASCII text, with no line terminators	53AF239EE5D3E261545DEDEDCB6FFD57	04CA7E137E1E9FEEAD96A7DF45BB67D5AB3DE190	99EB12F2AB3C4866A353E098FFA3CB7A967E617C49B98480394EC5D8EA92B094
Chrome Cache Entry: 72	ASCII text, with very long lines (3664)	69CA4C0F4D2743ABEE88BA8FCB5951F0	FF27E015DBE07123E8AF90E6F013B572CD51CF52	0B42F53DB541BBBB41F34989B6A338D2823E330269335D7845F1FCE9112D77EC
Chrome Cache Entry: 73	HTML document, ASCII text, with no line terminators	6147CA10712E483B5EE714D29C21E439	7BFFD4014EFE0ACE62D03599877153159E2A01B6	E5128B5E331CAD19DF2F67041FFC85BF716D6E6106DEA098C37524593FB268E9
Chrome Cache Entry: 74	ASCII text, with very long lines (3319)	439C7708CB4D0DC2830BC5CB1321C742	831B771778BE714B3CF9CBB6E5B4544EB9050702	8093F62DA12598A542A665905AEB44ECC2ADBCF442FDFC33AA0BDC46E18E9C7D
Chrome Cache Entry: 75	ASCII text, with very long lines (7784), with no line terminators	F7715537C6744716002C71C98ACDF1D7	C15966FC5D685AC0A1D8470BC9C1136BE37DBA0C	59F6909D64DBCEC3B9CB5667F2BC60C6DA09E837E636B9706F32649CC4829649
Chrome Cache Entry: 77	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x28, components 3	D9DBE534709BF946943CBCA0FB55E61F	A69E5E1F25AEF49CC1A8BB2C4031B62615BF3880	00FF6AB3F13675A1DA9D1A69726E448DA7EB830395708A26BD90A313253BC634

Phishing

Source: https://secure-web.cisco.com/107-TjUeqXLN5-AhpQ0ShpJqsX8wKbIQEiPDlMWWmuPmOqAIa-VmiHDgdCNaLXf02c5QSZ2bTeg_NmlEx94g147cni-IvjGzUi9NLcM9-dB1lK3YnpEf-GgGMUgctv9-3kTdUsnYo2ImAau6q4igXJWC4DauYsPhd8JQSov0ij09hX21BBRWaQDHvwSmsCvdf1D03fj7unVlRMiQkAwuyKrUp69_h

LLM: Score: 8 Reasons: The URL provided exhibits characteristics commonly associated with typosquatting, which is a type of cyber attack where a malicious domain is created to resemble a legitimate one, often by misspelling or using a similar domain name. The reasons for this risk assessment are as follows: 1. Length of the URL: The URL is excessively long, which can be an attempt to obfuscate the true domain name. 2. Lack of human-readable components: The URL does not contain any easily recognizable words or phrases, making it difficult for users to identify the actual domain. 3. Use of special characters: The URL contains a large number of special characters, which can be used to create a domain that resembles a legitimate one. 4. Hyphens in the domain name: The URL contains multiple hyphens in the domain name, which is a common tactic used in typosquatting attacks. 5. Lack of a clear brand name: The URL does not contain any clear brand name, making it difficult to determine the true owner of the domain. Given these factors, it is recommended to exercise caution when accessing this URL. It is possible that it is a typosquatted domain, which could be used for phishing, malware distribution, or other malicious activities. DOM: 2.3.pages.csv

Source: https://pdf-image.org/	HTTP Parser: No favicon
Source: https://pdf-image.org/	HTTP Parser: No favicon
Source: https://secure-web.cisco.com/107-TjUeqXLN5-AhpQ0ShpJqsX8wKbIQEiPDlMWWmuPmOqAIa-VmiHDgdCNaLXf02c5QSZ2bTeg_NmlEx94g147cni-IvjGzUi9NLcM9-dB1lK3YnpEf-GgGMUgctv9-3kTdUsnYo2ImAau6q4igXJWC4DauYsPhd8JQSov0ij09hX21BBRWaQDHvwSmsCvdf1D03fj7unVlRMiQkAwuyKrUp69_hiAebH_OuTHF1jZHEGRERkEWa2ifSh9xt1t7Ypgz8NC05s_YXd4F-fGtoN6mRWbdhqleaene1p2Xl5g0lcdNgI4L3J6LvpEU_xQQKRI62cP08qoPD6-OZLyLhMmzL4Kq220fERL4DqqHNs1cOV8jrFzzZGbf8EdNsCE6JKEKYorVL43rqgcv5gdwEMweoBJpVtCzvj-iCD3barYrCBGWSHiTZIL_Gw9WABxUS/https%3A%2F%2Fpdf-image.org%2Fhttps://secure-web.cisco.com/107-TjUeqXLN5-AhpQ0ShpJqsX8wKbIQEiPDlMWWmuPmOqAIa-VmiHDgdCNaLXf02c5QSZ2bTeg_NmlEx94g147cni-IvjGzUi9NLcM9-dB1lK3YnpEf-GgGMUgctv9-3kTdUsnYo2ImAau6q4igXJWC4DauYsPhd8JQSov0ij09hX21BBRWaQDHvwSmsCvdf1D03fj7unVlRMiQkAwuyKrUp69_hiAebH_OuTHF1jZHEGRERkEWa2ifSh9xt1t7Ypgz8NC05s_YXd4F-fGtoN6mRWbdhqleaene1p2Xl5g0lcdNgI4L3J6LvpEU_xQQKRI62cP08qoPD6-OZLyLhMmzL4Kq220fERL4DqqHNs1cOV8jrFzzZGbf8EdNsCE6JKEKYorVL43rqgcv5gdwEMweoBJpVtCzvj-iCD3barYrCBGWSHiTZIL_Gw9WABxUS/https%3A%2F%2Fpdf-image.org%2F	HTTP Parser: No favicon

Compliance

Source: unknown

HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49733 version: TLS 1.2

Software Vulnerabilities

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 26MB

Networking

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.150.100.65
Source: unknown	TCP traffic detected without corresponding DNS query: 20.150.100.65
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: secure-web.cisco.com
Source: global traffic	DNS traffic detected: DNS query: pdf-image.org
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49733 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window created: window name: CLIPBRDWNDCLASS

System Summary

Source: classification engine

Classification label: sus22.phis.winMSG@30/26@14/157

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240508T2138360153-6492.etl

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW EXTERNAL Check Approval.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6DE79C5E-3DE5-4591-948E-219D95B7F91D" "9E663AD4-92CB-4F5B-B9DD-2F77DD91C7BC" "6492" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://secure-web.cisco.com/107-TjUeqXLN5-AhpQ0ShpJqsX8wKbIQEiPDlMWWmuPmOqAIa-VmiHDgdCNaLXf02c5QSZ2bTeg_NmlEx94g147cni-IvjGzUi9NLcM9-dB1lK3YnpEf-GgGMUgctv9-3kTdUsnYo2ImAau6q4igXJWC4DauYsPhd8JQSov0ij09hX21BBRWaQDHvwSmsCvdf1D03fj7unVlRMiQkAwuyKrUp69_hiAebH_OuTHF1jZHEGRERkEWa2ifSh9xt1t7Ypgz8NC05s_YXd4F-fGtoN6mRWbdhqleaene1p2Xl5g0lcdNgI4L3J6LvpEU_xQQKRI62cP08qoPD6-OZLyLhMmzL4Kq220fERL4DqqHNs1cOV8jrFzzZGbf8EdNsCE6JKEKYorVL43rqgcv5gdwEMweoBJpVtCzvj-iCD3barYrCBGWSHiTZIL_Gw9WABxUS/https%3A%2F%2Fpdf-image.org%2F
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1996,i,3405720180451191570,18100183712643827559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6DE79C5E-3DE5-4591-948E-219D95B7F91D" "9E663AD4-92CB-4F5B-B9DD-2F77DD91C7BC" "6492" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://secure-web.cisco.com/107-TjUeqXLN5-AhpQ0ShpJqsX8wKbIQEiPDlMWWmuPmOqAIa-VmiHDgdCNaLXf02c5QSZ2bTeg_NmlEx94g147cni-IvjGzUi9NLcM9-dB1lK3YnpEf-GgGMUgctv9-3kTdUsnYo2ImAau6q4igXJWC4DauYsPhd8JQSov0ij09hX21BBRWaQDHvwSmsCvdf1D03fj7unVlRMiQkAwuyKrUp69_hiAebH_OuTHF1jZHEGRERkEWa2ifSh9xt1t7Ypgz8NC05s_YXd4F-fGtoN6mRWbdhqleaene1p2Xl5g0lcdNgI4L3J6LvpEU_xQQKRI62cP08qoPD6-OZLyLhMmzL4Kq220fERL4DqqHNs1cOV8jrFzzZGbf8EdNsCE6JKEKYorVL43rqgcv5gdwEMweoBJpVtCzvj-iCD3barYrCBGWSHiTZIL_Gw9WABxUS/https%3A%2F%2Fpdf-image.org%2F
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1996,i,3405720180451191570,18100183712643827559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://secure-web.cisco.com/107-TjUeqXLN5-AhpQ0ShpJqsX8wKbIQEiPDlMWWmuPmOqAIa-VmiHDgdCNaLXf02c5QSZ2bTeg_NmlEx94g147cni-IvjGzUi9NLcM9-dB1lK3YnpEf-GgGMUgctv9-3kTdUsnYo2ImAau6q4igXJWC4DauYsPhd8JQSov0ij09hX21BBRWaQDHvwSmsCvdf1D03fj7unVlRMiQkAwuyKrUp69_hiAebH_OuTHF1jZHEGRERkEWa2ifSh9xt1t7Ypgz8NC05s_YXd4F-fGtoN6mRWbdhqleaene1p2Xl5g0lcdNgI4L3J6LvpEU_xQQKRI62cP08qoPD6-OZLyLhMmzL4Kq220fERL4DqqHNs1cOV8jrFzzZGbf8EdNsCE6JKEKYorVL43rqgcv5gdwEMweoBJpVtCzvj-iCD3barYrCBGWSHiTZIL_Gw9WABxUS/https%3A%2F%2Fpdf-image.org%2F
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1996,i,1548859053847161888,10154591588167090725,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://secure-web.cisco.com/107-TjUeqXLN5-AhpQ0ShpJqsX8wKbIQEiPDlMWWmuPmOqAIa-VmiHDgdCNaLXf02c5QSZ2bTeg_NmlEx94g147cni-IvjGzUi9NLcM9-dB1lK3YnpEf-GgGMUgctv9-3kTdUsnYo2ImAau6q4igXJWC4DauYsPhd8JQSov0ij09hX21BBRWaQDHvwSmsCvdf1D03fj7unVlRMiQkAwuyKrUp69_hiAebH_OuTHF1jZHEGRERkEWa2ifSh9xt1t7Ypgz8NC05s_YXd4F-fGtoN6mRWbdhqleaene1p2Xl5g0lcdNgI4L3J6LvpEU_xQQKRI62cP08qoPD6-OZLyLhMmzL4Kq220fERL4DqqHNs1cOV8jrFzzZGbf8EdNsCE6JKEKYorVL43rqgcv5gdwEMweoBJpVtCzvj-iCD3barYrCBGWSHiTZIL_Gw9WABxUS/https%3A%2F%2Fpdf-image.org%2F
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1996,i,1548859053847161888,10154591588167090725,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Boot Survival

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Language, Device and Operating System Detection

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid