Windows Analysis Report
(No subject) (15).eml

Overview

General Information

Sample name: (No subject) (15).eml
Analysis ID: 1458481
MD5: 17c20b28f97e6d99d2cbc844909da4ff
SHA1: ecd09ff60c62dd5725ce0f89a016cb53a3f8a18e
SHA256: 7f8470f31dfd723747c1227f2e6af22cc59aa79cc041ef7f261f95c4d49fbced
Infos:

Detection

Score: 5
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Found iframes
HTML body contains low number of good links
HTML title does not match URL
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: Title: Redirecting does not match URL
Source: http://link.qualicarehq.com/unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643 HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: No favicon
Source: https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=3afcd940-e449-4489-2a6b-faa656a8d63a&partnerId=smcconvergence&idpflag=proxy HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/silentsigninhandler HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.16:49813 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: gcc02.safelinks.protection.outlook.com to http://link.qualicarehq.com/unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: Joe Sandbox View IP Address: 13.107.246.42 13.107.246.42
Source: Joe Sandbox View IP Address: 13.107.246.67 13.107.246.67
Source: Joe Sandbox View IP Address: 104.47.65.28 104.47.65.28
Source: Joe Sandbox View IP Address: 13.107.253.44 13.107.253.44
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.96.120
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MKf4UutyTrse9VK&MD=PMsBx7oK HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MKf4UutyTrse9VK&MD=PMsBx7oK HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /?url=http%3A%2F%2Flink.qualicarehq.com%2Funsubscribe%2F12a011fe-9ee5-4bc4-b08b-80bfcb339643&data=05%7C02%7Cgkumarllemos%40santaclaraca.gov%7C28e8731ba511448bf2bc08dc8e0de978%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638541437959076247%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C20000%7C%7C%7C&sdata=63WSVCZ4zDlKY0SVGGdGGtyQ6GsYkj941ELeo8naH4M%3D&reserved=0 HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/me/MeControl/10.24086.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_IjgrZlvKzcbjDk5QwpFvYA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /16.000/content/js/MeControl_v6QmZT1KIHvYorogrcRgqA2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643 HTTP/1.1Host: link.qualicarehq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: link.qualicarehq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://link.qualicarehq.com/unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: link.qualicarehq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: chromecache_129.13.dr String found in binary or memory: "//www.linkedin.com/shareArticle?mini=true&url=" + equals www.linkedin.com (Linkedin)
Source: chromecache_129.13.dr String found in binary or memory: url: "//www.facebook.com/share.php?u=" + h, equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: gcc02.safelinks.protection.outlook.com
Source: global traffic DNS traffic detected: DNS query: link.qualicarehq.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: aka.ms
Source: global traffic DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic DNS traffic detected: DNS query: support.content.office.net
Source: global traffic DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic DNS traffic detected: DNS query: microsoftwindows.112.2o7.net
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: amp.azure.net
Source: unknown HTTP traffic detected: POST /unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643 HTTP/1.1Host: link.qualicarehq.comConnection: keep-aliveContent-Length: 47Cache-Control: max-age=0Upgrade-Insecure-Requests: 1Origin: http://link.qualicarehq.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://link.qualicarehq.com/unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Data Raw: 5f 74 6f 6b 65 6e 3d 6a 77 67 4a 7a 76 46 53 4e 36 6a 77 52 4d 66 35 34 37 47 61 44 73 45 52 53 67 6c 77 42 7a 79 75 7a 66 50 59 46 64 41 4e Data Ascii: _token=jwgJzvFSN6jwRMf547GaDsERSglwBzyuzfPYFdAN
Source: chromecache_155.13.dr String found in binary or memory: http://feross.org
Source: chromecache_145.13.dr String found in binary or memory: http://github.com/aFarkas/lazysizes
Source: chromecache_183.13.dr String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_174.13.dr String found in binary or memory: http://github.com/requirejs/domReady
Source: chromecache_174.13.dr String found in binary or memory: http://github.com/requirejs/requirejs/LICENSE
Source: chromecache_157.13.dr String found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4EIZB?ver=f4a3
Source: chromecache_201.13.dr String found in binary or memory: http://knockoutjs.com/
Source: (No subject) (15).eml String found in binary or memory: http://link.qualicare=
Source: chromecache_118.13.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_155.13.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_201.13.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: (No subject) (15).eml, ~WRS{7FD7D16D-3FCE-42DD-B865-8CF60D158DB4}.tmp.0.dr String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: chromecache_158.13.dr String found in binary or memory: https://assets.onestore.ms
Source: chromecache_157.13.dr String found in binary or memory: https://eus-streaming-video-rt-microsoft-com.akamaized.net/0f937af8-d731-4ff2-a223-053a9189b20e/91f6
Source: chromecache_184.13.dr, chromecache_157.13.dr String found in binary or memory: https://eus-streaming-video-rt-microsoft-com.akamaized.net/7070043d-58fb-4f43-b0cf-89f6dbf4bb38/91f6
Source: (No subject) (15).eml String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dhttp%3A%2F=
Source: (No subject) (15).eml String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2=
Source: ~WRS{7FD7D16D-3FCE-42DD-B865-8CF60D158DB4}.tmp.0.dr String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flink.qualicarehq.com%2Funsubscribe%
Source: ~WRS{7FD7D16D-3FCE-42DD-B865-8CF60D158DB4}.tmp.0.dr String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.qualicarefranchise.com%2F&data
Source: chromecache_201.13.dr String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_158.13.dr String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net
Source: chromecache_120.13.dr String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_120.13.dr String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_158.13.dr String found in binary or memory: https://mem.gfx.ms
Source: chromecache_158.13.dr String found in binary or memory: https://microsoftwindows.112.2o7.net
Source: chromecache_184.13.dr, chromecache_157.13.dr String found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE4EIXC-enus?ver=e63f
Source: chromecache_184.13.dr, chromecache_157.13.dr String found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE4EIXC-tscriptenus?v
Source: chromecache_150.13.dr String found in binary or memory: https://ussearchprod.trafficmanager.net/services/api/v1.0/store/categories
Source: (No subject) (15).eml String found in binary or memory: https://www.qualicarefranchise.com
Source: (No subject) (15).eml String found in binary or memory: https://www.qualicarefranchise.com/
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: classification engine Classification label: clean5.winEML@28/176@36/12
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240617T1205090263-6224.etl Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (15).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "17FEE2AA-873B-4A33-BCE7-1015CB2AE623" "EC9F5879-7A27-4F43-8733-8318AF55FD17" "6224" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flink.qualicarehq.com%2Funsubscribe%2F12a011fe-9ee5-4bc4-b08b-80bfcb339643&data=05%7C02%7Cgkumarllemos%40santaclaraca.gov%7C28e8731ba511448bf2bc08dc8e0de978%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638541437959076247%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C20000%7C%7C%7C&sdata=63WSVCZ4zDlKY0SVGGdGGtyQ6GsYkj941ELeo8naH4M%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1792,i,17629697041642773108,6296585220422506715,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1972,i,10667882965112193034,14380702626351482443,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "17FEE2AA-873B-4A33-BCE7-1015CB2AE623" "EC9F5879-7A27-4F43-8733-8318AF55FD17" "6224" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flink.qualicarehq.com%2Funsubscribe%2F12a011fe-9ee5-4bc4-b08b-80bfcb339643&data=05%7C02%7Cgkumarllemos%40santaclaraca.gov%7C28e8731ba511448bf2bc08dc8e0de978%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638541437959076247%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C20000%7C%7C%7C&sdata=63WSVCZ4zDlKY0SVGGdGGtyQ6GsYkj941ELeo8naH4M%3D&reserved=0 Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1792,i,17629697041642773108,6296585220422506715,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1972,i,10667882965112193034,14380702626351482443,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32 Jump to behavior
Source: Google Drive.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior