Windows Analysis Report
(No subject) (15).eml

Overview

General Information

Sample name: (No subject) (15).eml
Analysis ID: 1458481
MD5: 17c20b28f97e6d99d2cbc844909da4ff
SHA1: ecd09ff60c62dd5725ce0f89a016cb53a3f8a18e
SHA256: 7f8470f31dfd723747c1227f2e6af22cc59aa79cc041ef7f261f95c4d49fbced

Detection

Score: 5
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Found iframes
HTML body contains low number of good links
HTML title does not match URL
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: Title: Redirecting does not match URL
Source: http://link.qualicarehq.com/unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643 HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: No favicon
Source: https://login.microsoftonline.com/savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=3afcd940-e449-4489-2a6b-faa656a8d63a&partnerId=smcconvergence&idpflag=proxy HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: No favicon
Source: https://support.microsoft.com/en-us/silentsigninhandler HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0 HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638542372013076177.OWM2ZWYwYTYtMmY1MS00MmI4LTg0MDItMjE0NzZiNWM4NDgwMDE0ZTdkNmEtMTc4My00NDM0LWE4ZTUtMjM2MzAzYzRlOTYz&prompt=none&nopa=2&state=CfDJ8CiTzr73KWNFsUGcHEnPeJprXgJOaFFnEAd3NxwobjQiZNY1-zunfKg-ERu-iR63T82YfxXKyIcvIyw4rOwxva4yXEFq-JY7CJVctzNVzcxMUzih4_E9baV1wgNaP657HFWBgy-p0QoxS9cg4rN7LiaI_DXVxy3KUhzkXDOsYGk3KiJxo9CxqXJsQ5ppGVbn5iMzycRhgt4tZv0hD5qMI8vLoZTMxixghfsd7Avxep6hiLsQCBhg4VwX1J4M7sdlPPUXMrZSfB9DkM_CIrwtVDM0H8XVnFpssLtK3A5hGzLz8rMDdudEzPtHAe4QT72ZR3wz3v4xYootGXu4l21__YFNsghdxK9ejsmbJxVOncdk&x-client-SKU=ID_NET6_0&x-client-ver=6.35.0.0&sso_reload=true HTTP Parser: No <meta name="copyright".. found
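The parser entries above all concern one OpenID Connect authorize request to login.microsoftonline.com: client_id ee272b19-4411-433f-8f28-5c13cb6fd407, redirect_uri https://support.microsoft.com/signin-oidc, response_type code id_token, scope openid profile offline_access, response_mode form_post and prompt=none, which is why the returned page is a bare "Redirecting" title with no links. The following Python is an added example, not part of the Joe Sandbox report or of any Microsoft code; it decodes such a request and flags what an analyst checks to tell benign first-party sign-in apart from an illicit-consent-grant attempt. The first-party host allowlist and the shortened state and nonce in the sample URL are assumptions.

```python
"""Triage of an OAuth 2.0 / OpenID Connect authorize request.

Added example, not part of the Joe Sandbox report or of any Microsoft code.
It decodes the query string of an authorize URL and returns the facts an
analyst checks when deciding whether a login.microsoftonline.com request is
benign first-party sign-in or an illicit-consent-grant attempt: which
application asks, where the tokens go, which scopes are requested, and
whether the user is prompted at all.
"""
from urllib.parse import parse_qs, urlsplit

# Hosts this tenant treats as first-party relying parties. The allowlist is an
# assumption for the example; an organisation would maintain its own.
FIRST_PARTY_REDIRECT_HOSTS = {"support.microsoft.com", "www.microsoft.com"}

# Scopes that only identify the user and do not grant access to mail, files or
# directory data on their own.
IDENTITY_SCOPES = {"openid", "profile", "email", "offline_access"}

# Constructed sample modelled on the report's request: same endpoint,
# client_id, redirect_uri, response_type, scope, response_mode and prompt;
# state and nonce are shortened placeholders.
SAMPLE_AUTHORIZE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407"
    "&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc"
    "&response_type=code%20id_token"
    "&scope=openid%20profile%20offline_access"
    "&response_mode=form_post"
    "&nonce=638542372013076177.placeholder"
    "&prompt=none"
    "&state=placeholder"
)


def triage_authorize_url(url, allowed_hosts=FIRST_PARTY_REDIRECT_HOSTS):
    """Decode an authorize URL and return its key parameters plus findings."""
    parts = urlsplit(url)
    # parse_qs percent-decodes, so %20-separated lists become space-separated.
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    redirect = urlsplit(params.get("redirect_uri", ""))
    scopes = set(params.get("scope", "").split())
    response_types = set(params.get("response_type", "").split())
    extra_scopes = scopes - IDENTITY_SCOPES

    findings = []
    if parts.hostname != "login.microsoftonline.com":
        findings.append("authorization endpoint is not login.microsoftonline.com: %s" % parts.hostname)
    if redirect.scheme != "https":
        findings.append("redirect_uri is not https: %r" % params.get("redirect_uri"))
    if redirect.hostname not in allowed_hosts:
        findings.append("redirect_uri host is not a first-party host: %s" % redirect.hostname)
    if extra_scopes:
        findings.append("requests data-access scopes: %s" % sorted(extra_scopes))
    if "offline_access" in scopes:
        findings.append("offline_access: a refresh token will be issued to the application")
    if "id_token" in response_types or "token" in response_types:
        findings.append("hybrid/implicit flow: a token is delivered straight to redirect_uri "
                        "(response_mode=%s)" % params.get("response_mode"))
    if params.get("prompt") == "none":
        findings.append("prompt=none: silent sign-in with no user interaction")

    return {
        "client_id": params.get("client_id"),
        "redirect_host": redirect.hostname,
        "scopes": sorted(scopes),
        "response_types": sorted(response_types),
        "prompt": params.get("prompt"),
        "first_party": redirect.hostname in allowed_hosts and not extra_scopes,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in triage_authorize_url(SAMPLE_AUTHORIZE_URL).items():
        print("%s: %s" % (key, value))
```

For the request in this report the result is first_party True: the redirect host is Microsoft's own support site and only identity scopes are requested, so the entries above are sign-in noise from support.microsoft.com rather than a consent-phishing flow. The same function on a request whose redirect_uri points at an unknown host or whose scope includes Mail.Read or Files.Read returns first_party False with the reason spelled out.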
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.16:49813 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: gcc02.safelinks.protection.outlook.com to http://link.qualicarehq.com/unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 | Host: ipinfo.io | Connection: Keep-Alive
Source: Joe Sandbox View IP Address: 13.107.246.42 13.107.246.42
Source: Joe Sandbox View IP Address: 13.107.246.67 13.107.246.67
Source: Joe Sandbox View IP Address: 104.47.65.28 104.47.65.28
Source: Joe Sandbox View IP Address: 13.107.253.44 13.107.253.44
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203 (6 entries)
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.96.120 (1 entry)
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27 (19 entries)
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10 (5 entries)
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183 (14 entries)
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108 (5 entries)
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 | Host: ipinfo.io | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MKf4UutyTrse9VK&MD=PMsBx7oK HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MKf4UutyTrse9VK&MD=PMsBx7oK HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /?url=http%3A%2F%2Flink.qualicarehq.com%2Funsubscribe%2F12a011fe-9ee5-4bc4-b08b-80bfcb339643&data=05%7C02%7Cgkumarllemos%40santaclaraca.gov%7C28e8731ba511448bf2bc08dc8e0de978%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638541437959076247%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C20000%7C%7C%7C&sdata=63WSVCZ4zDlKY0SVGGdGGtyQ6GsYkj941ELeo8naH4M%3D&reserved=0 HTTP/1.1 | Host: gcc02.safelinks.protection.outlook.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1 | Host: aka.ms | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1 | Host: aka.ms | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1 | Host: mem.gfx.ms | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://support.microsoft.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1 | Host: js.monitor.azure.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://support.microsoft.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://support.microsoft.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js HTTP/1.1 | Host: mem.gfx.ms | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://support.microsoft.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://support.microsoft.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js HTTP/1.1 | Host: aadcdn.msauth.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://login.microsoftonline.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://login.microsoftonline.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/me/MeControl/10.24086.4/en-US/meCore.min.js HTTP/1.1 | Host: mem.gfx.ms | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://support.microsoft.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://support.microsoft.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/FetchSessions_Core_IjgrZlvKzcbjDk5QwpFvYA2.js HTTP/1.1 | Host: aadcdn.msftauth.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://login.microsoftonline.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://login.microsoftonline.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /16.000/content/js/MeControl_v6QmZT1KIHvYorogrcRgqA2.js HTTP/1.1 | Host: logincdn.msftauth.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://login.live.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://login.live.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643 HTTP/1.1 | Host: link.qualicarehq.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: link.qualicarehq.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Referer: http://link.qualicarehq.com/unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: link.qualicarehq.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
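The requests above show the click path the sandbox followed: the mail's Safe Links wrapper on gcc02.safelinks.protection.outlook.com, then the unwrapped target http://link.qualicarehq.com/unsubscribe/<guid> over plain HTTP, while the brand link in the mail body points at https://www.qualicarefranchise.com. The following Python is an added example, not part of the Joe Sandbox report or of any Microsoft tooling; it unwraps a Safe Links URL offline, so nobody has to click it, and vets the recovered target. The sample link is constructed: it keeps the wrapper host and the wrapped target from the report but replaces the recipient address, the GUIDs and the sdata signature with placeholders, and the field layout assumed for the data parameter (third field is the recipient, one base64 field is a client descriptor) is an assumption drawn from the report's own link.

```python
"""Unwrapping a Microsoft Defender Safe Links URL and vetting the real target.

Added example, not part of the Joe Sandbox report or of any Microsoft tooling.
The report shows the sandbox following a gcc02.safelinks.protection.outlook.com
link that redirected to http://link.qualicarehq.com/unsubscribe/<guid>. This
helper recovers the wrapped target offline and applies the checks an analyst
makes before deciding whether the click is worth chasing.
"""
import base64
import re
from urllib.parse import parse_qs, urlsplit

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

# Constructed sample modelled on the report's link: same wrapper host and
# wrapped target; the recipient address, GUIDs and sdata signature are
# placeholders, not the values from the report.
SAMPLE_SAFELINK = (
    "https://gcc02.safelinks.protection.outlook.com/"
    "?url=http%3A%2F%2Flink.qualicarehq.com%2Funsubscribe%2F12a011fe-9ee5-4bc4-b08b-80bfcb339643"
    "&data=05%7C02%7Crecipient%40example.gov%7C00000000-0000-0000-0000-000000000000"
    "%7C11111111-1111-1111-1111-111111111111%7C0%7C0%7C638541437959076247%7CUnknown"
    "%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D"
    "%7C20000%7C%7C%7C"
    "&sdata=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%3D&reserved=0"
)


def unwrap_safelink(url):
    """Return the wrapped target and what the 'data' field records about the click.

    Only two parts of 'data' are interpreted: the third pipe-separated field,
    which holds the recipient address in the report's own link, and the
    base64 field that decodes to a 'Mailflow|{...}' client descriptor. Treating
    those positions as fixed is an assumption; the raw fields are returned too.
    """
    parts = urlsplit(url)
    if not parts.hostname or not parts.hostname.endswith(SAFELINKS_SUFFIX):
        raise ValueError("not a Safe Links wrapper: %r" % parts.hostname)
    query = parse_qs(parts.query)          # percent-decodes url= and data=
    target = query["url"][0]
    fields = query.get("data", [""])[0].split("|")
    recipient = fields[2] if len(fields) > 2 else None
    client = None
    for field in fields:
        try:
            decoded = base64.b64decode(field, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue                       # not base64: GUIDs, counters, address
        if decoded.startswith("Mailflow|"):
            client = decoded
            break
    return {"target": target, "recipient": recipient, "client": client, "fields": fields}


def registered_domain(host):
    """Last two labels of a host: fine for .com, naive for co.uk-style suffixes."""
    return ".".join(host.lower().split(".")[-2:])


def assess_target(target, displayed_host):
    """Findings about the unwrapped target relative to the brand shown in the mail."""
    t = urlsplit(target)
    host = t.hostname or ""
    findings = []
    if t.scheme != "https":
        findings.append("cleartext %s:// target; the click is visible and tamperable in transit" % t.scheme)
    if registered_domain(host) != registered_domain(displayed_host):
        findings.append("target domain %s differs from the displayed domain %s"
                        % (registered_domain(host), registered_domain(displayed_host)))
    if GUID_RE.search(t.path):
        findings.append("per-recipient identifier in the path: following it confirms the mailbox is live")
    return findings


if __name__ == "__main__":
    info = unwrap_safelink(SAMPLE_SAFELINK)
    print("target:   ", info["target"])
    print("recipient:", info["recipient"])
    print("client:   ", info["client"])
    # The mail body in the report links to https://www.qualicarefranchise.com
    for finding in assess_target(info["target"], "www.qualicarefranchise.com"):
        print(" -", finding)
```

Unwrapping rather than following the link keeps the per-recipient GUID from being reported back to link.qualicarehq.com; the sandbox's own GET and the later POST of a _token to the same path are exactly what a tracked unsubscribe link expects, so any manual re-check should stay offline.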
Source: chromecache_129.13.dr String found in binary or memory: "//www.linkedin.com/shareArticle?mini=true&url=" + equals www.linkedin.com (Linkedin)
Source: chromecache_129.13.dr String found in binary or memory: url: "//www.facebook.com/share.php?u=" + h, equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: gcc02.safelinks.protection.outlook.com
Source: global traffic DNS traffic detected: DNS query: link.qualicarehq.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: aka.ms
Source: global traffic DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic DNS traffic detected: DNS query: mem.gfx.ms
Source: global traffic DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic DNS traffic detected: DNS query: support.content.office.net
Source: global traffic DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic DNS traffic detected: DNS query: microsoftwindows.112.2o7.net
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: amp.azure.net
Source: unknown HTTP traffic detected: POST /unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643 HTTP/1.1 | Host: link.qualicarehq.com | Connection: keep-alive | Content-Length: 47 | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | Origin: http://link.qualicarehq.com | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Referer: http://link.qualicarehq.com/unsubscribe/12a011fe-9ee5-4bc4-b08b-80bfcb339643 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Data Raw: 5f 74 6f 6b 65 6e 3d 6a 77 67 4a 7a 76 46 53 4e 36 6a 77 52 4d 66 35 34 37 47 61 44 73 45 52 53 67 6c 77 42 7a 79 75 7a 66 50 59 46 64 41 4e | Data Ascii: _token=jwgJzvFSN6jwRMf547GaDsERSglwBzyuzfPYFdAN
Source: chromecache_155.13.dr String found in binary or memory: http://feross.org
Source: chromecache_145.13.dr String found in binary or memory: http://github.com/aFarkas/lazysizes
Source: chromecache_183.13.dr String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_174.13.dr String found in binary or memory: http://github.com/requirejs/domReady
Source: chromecache_174.13.dr String found in binary or memory: http://github.com/requirejs/requirejs/LICENSE
Source: chromecache_157.13.dr String found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4EIZB?ver=f4a3
Source: chromecache_201.13.dr String found in binary or memory: http://knockoutjs.com/
Source: (No subject) (15).eml String found in binary or memory: http://link.qualicare=
Source: chromecache_118.13.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_155.13.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_201.13.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: (No subject) (15).eml, ~WRS{7FD7D16D-3FCE-42DD-B865-8CF60D158DB4}.tmp.0.dr String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: chromecache_158.13.dr String found in binary or memory: https://assets.onestore.ms
Source: chromecache_157.13.dr String found in binary or memory: https://eus-streaming-video-rt-microsoft-com.akamaized.net/0f937af8-d731-4ff2-a223-053a9189b20e/91f6
Source: chromecache_184.13.dr, chromecache_157.13.dr String found in binary or memory: https://eus-streaming-video-rt-microsoft-com.akamaized.net/7070043d-58fb-4f43-b0cf-89f6dbf4bb38/91f6
Source: (No subject) (15).eml String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dhttp%3A%2F=
Source: (No subject) (15).eml String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2=
Source: ~WRS{7FD7D16D-3FCE-42DD-B865-8CF60D158DB4}.tmp.0.dr String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flink.qualicarehq.com%2Funsubscribe%
Source: ~WRS{7FD7D16D-3FCE-42DD-B865-8CF60D158DB4}.tmp.0.dr String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.qualicarefranchise.com%2F&data
Source: chromecache_201.13.dr String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_158.13.dr String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net
Source: chromecache_120.13.dr String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_120.13.dr String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_158.13.dr String found in binary or memory: https://mem.gfx.ms
Source: chromecache_158.13.dr String found in binary or memory: https://microsoftwindows.112.2o7.net
Source: chromecache_184.13.dr, chromecache_157.13.dr String found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE4EIXC-enus?ver=e63f
Source: chromecache_184.13.dr, chromecache_157.13.dr String found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE4EIXC-tscriptenus?v
Source: chromecache_150.13.dr String found in binary or memory: https://ussearchprod.trafficmanager.net/services/api/v1.0/store/categories
Source: (No subject) (15).eml String found in binary or memory: https://www.qualicarefranchise.com
Source: (No subject) (15).eml String found in binary or memory: https://www.qualicarefranchise.com/
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: classification engine Classification label: clean5.winEML@28/176@36/12
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240617T1205090263-6224.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (15).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "17FEE2AA-873B-4A33-BCE7-1015CB2AE623" "EC9F5879-7A27-4F43-8733-8318AF55FD17" "6224" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flink.qualicarehq.com%2Funsubscribe%2F12a011fe-9ee5-4bc4-b08b-80bfcb339643&data=05%7C02%7Cgkumarllemos%40santaclaraca.gov%7C28e8731ba511448bf2bc08dc8e0de978%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638541437959076247%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C20000%7C%7C%7C&sdata=63WSVCZ4zDlKY0SVGGdGGtyQ6GsYkj941ELeo8naH4M%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1792,i,17629697041642773108,6296585220422506715,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1972,i,10667882965112193034,14380702626351482443,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
[Map legend: No. of IPs binned at <25%, 25-50%, 50-75%, >75%]