Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0 (2).eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0 (2).eml
Analysis ID:1635243
MD5:c9331173c5fe3f3a290cd5a87a685e60
SHA1:e3983386c9c598032724c52ec2ea0559d7a6aded
SHA256:c0725e71ee1fe78294d2b51025e27e139011c81bf4ecfa92c1bbdacc49fb4514
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 1124 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (2).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6404 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E87F98FF-9CCF-4AEC-AE88-F426B0E9C958" "F9ADDF3B-3E77-4632-B553-F263785D8A50" "1124" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://adobefreeuserschannel.eu1.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAASViA_njArbOUYyt0pGFD8D7J6BVCwbQGYFEkyxsRXAU-dftKQCh7ks9EKzFRakwpxsh3uD-L3i4fYDZDhXvp_p_dElqffrbmUw6T6EaJMnmBBTZlK654NhtBdtX4rPFJ& MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 7136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2064,i,4023531618376137166,1099447762497207435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • HxOutlook.exe (PID: 8040 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • HxAccounts.exe (PID: 8148 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1124, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected landing page (webpage, office document or email)
Source: EmailJoe Sandbox AI: Page contains button: 'Review and sign' Source: 'Email'
Source: EmailJoe Sandbox AI: Email contains prominent button: 'review and sign'
AI detected suspicious elements in Email content
Source: EmailJoe Sandbox AI: Detected potential phishing email: The email combines multiple services (Coinbase, PayPal, Adobe Sign) in an unusual and suspicious way, which is a common phishing tactic. The email contains suspicious formatting of numbers (487.8O uses letter O instead of zero) and phone numbers with zeros replaced by letter O. The sender domain appears legitimate (adobesign.com) but the links point to suspicious domains (adobefreeuserschannel.eu1.documents.adobe.com)
Source: EmailClassification: Credential Stealer
Source: unknownHTTPS traffic detected: 95.100.110.16:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 1MB later: 39MB
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknownTCP traffic detected without corresponding DNS query: 184.30.131.245
Source: unknownTCP traffic detected without corresponding DNS query: 184.30.131.245
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
Source: global trafficHTTP traffic detected: GET /pfu1huz.js HTTP/1.1Host: use.typekit.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://adobefreeuserschannel.eu1.documents.adobe.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /af/cb695f/000000000000000000017701/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n4&v=3 HTTP/1.1Host: use.typekit.netConnection: keep-aliveOrigin: https://adobefreeuserschannel.eu1.documents.adobe.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://adobefreeuserschannel.eu1.documents.adobe.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /consent/7a5eb705-95ed-4cc4-a11d-0cc5760e93db/7a5eb705-95ed-4cc4-a11d-0cc5760e93db.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://adobefreeuserschannel.eu1.documents.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://adobefreeuserschannel.eu1.documents.adobe.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /af/74ffb1/000000000000000000017702/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=i4&v=3 HTTP/1.1Host: use.typekit.netConnection: keep-aliveOrigin: https://adobefreeuserschannel.eu1.documents.adobe.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://adobefreeuserschannel.eu1.documents.adobe.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /af/eaf09c/000000000000000000017703/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n7&v=3 HTTP/1.1Host: use.typekit.netConnection: keep-aliveOrigin: https://adobefreeuserschannel.eu1.documents.adobe.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://adobefreeuserschannel.eu1.documents.adobe.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /af/40207f/0000000000000000000176ff/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n3&v=3 HTTP/1.1Host: use.typekit.netConnection: keep-aliveOrigin: https://adobefreeuserschannel.eu1.documents.adobe.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://adobefreeuserschannel.eu1.documents.adobe.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /af/e301c6/0000000000000000000149e7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 HTTP/1.1Host: use.typekit.netConnection: keep-aliveOrigin: https://adobefreeuserschannel.eu1.documents.adobe.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://adobefreeuserschannel.eu1.documents.adobe.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /consent/7a5eb705-95ed-4cc4-a11d-0cc5760e93db/7a5eb705-95ed-4cc4-a11d-0cc5760e93db.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: static.echocdn.com
Source: global trafficDNS traffic detected: DNS query: secure.eu1.echocdn.com
Source: global trafficDNS traffic detected: DNS query: use.typekit.net
Source: global trafficDNS traffic detected: DNS query: cdn.cookielaw.org
Source: global trafficDNS traffic detected: DNS query: svs.eu1.adobesign.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownHTTPS traffic detected: 95.100.110.16:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: classification engineClassification label: mal48.winEML@24/7@14/197
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250311T0929440126-1124.etl
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (2).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E87F98FF-9CCF-4AEC-AE88-F426B0E9C958" "F9ADDF3B-3E77-4632-B553-F263785D8A50" "1124" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://adobefreeuserschannel.eu1.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAASViA_njArbOUYyt0pGFD8D7J6BVCwbQGYFEkyxsRXAU-dftKQCh7ks9EKzFRakwpxsh3uD-L3i4fYDZDhXvp_p_dElqffrbmUw6T6EaJMnmBBTZlK654NhtBdtX4rPFJ&
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2064,i,4023531618376137166,1099447762497207435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E87F98FF-9CCF-4AEC-AE88-F426B0E9C958" "F9ADDF3B-3E77-4632-B553-F263785D8A50" "1124" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://adobefreeuserschannel.eu1.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAASViA_njArbOUYyt0pGFD8D7J6BVCwbQGYFEkyxsRXAU-dftKQCh7ks9EKzFRakwpxsh3uD-L3i4fYDZDhXvp_p_dElqffrbmUw6T6EaJMnmBBTZlK654NhtBdtX4rPFJ&
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2064,i,4023531618376137166,1099447762497207435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: apphelp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: microsoft.applications.telemetry.windows.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msoimm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso40uiimm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso30imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso20imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.core.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.word.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso50imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.model.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.applicationdata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxcomm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptsp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47langs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.hostname.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.energy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wldp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: propsys.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rometadata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.view.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxshared.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.viewmodel.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: clipc.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.resources.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: logoncli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dcomp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textinputframework.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: inputhost.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: urlmon.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: netutils.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxgi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mrmcorer.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d11.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d10warp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d2d1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwrite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textshaping.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userenv.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profext.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hx.mail.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: threadpoolwinrt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.graphics.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxcalendar.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.remotedesktop.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winsta.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.controls.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: directmanipulation.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.systemid.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.retailinfo.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msxml6.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wininet.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: sspicli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winhttp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mswsock.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winnsi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winrttracing.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dnsapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: photometadatahandler.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ploptin.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataaccountapis.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataplatformhelperutil.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.accountscontrol.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: xmllite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: accountsrt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: aphostclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntasn1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncrypt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msasn1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dpapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rsaenh.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: gpapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: webservices.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: apphelp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.model.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: microsoft.applications.telemetry.windows.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso30imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47langs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dcomp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textinputframework.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: inputhost.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: propsys.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: urlmon.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: netutils.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxgi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: office.ui.xaml.hxaccounts.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d11.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.applicationdata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d10warp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxcomm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptsp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d2d1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dwrite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textshaping.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.hostname.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.energy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wldp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rometadata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mrmcorer.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.accountscontrol.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: xmllite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vaultcli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.controls.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: userenv.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profext.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: directmanipulation.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: winrttracing.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.resources.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msftedit.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: globinputhost.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.graphics.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wuceffects.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: threadpoolwinrt.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation21
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		LSASS Memory14
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection		1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Extra Window Memory Injection		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://cdn.cookielaw.org/consent/7a5eb705-95ed-4cc4-a11d-0cc5760e93db/7a5eb705-95ed-4cc4-a11d-0cc5760e93db.json0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
secure.eu1dc2.echosign.com
52.58.63.200
truefalse
    		unknown
    adobe.com.ssl.d1.sc.omtrdc.net
    		63.140.62.222
    		truefalse
      		unknown
      e29329.dsca.akamaiedge.net
      		2.21.20.28
      		truefalse
        		high
        www.google.com
        		142.250.181.228
        		truefalse
          		high
          s-0005.dual-s-dc-msedge.net
          		52.123.131.14
          		truefalse
            		high
            cdn.cookielaw.org
            		104.18.86.42
            		truefalse
              		high
              e208818.dsca.akamaiedge.net
              		95.100.110.16
              		truefalse
                		unknown
                a1988.dscg1.akamai.net
                		88.221.110.26
                		truefalse
                  		high
                  use.typekit.net
                  		unknown
                  		unknownfalse
                    		high
                    svs.eu1.adobesign.com
                    		unknown
                    		unknownfalse
                      		unknown
                      secure.eu1.echocdn.com
                      		unknown
                      		unknownfalse
                        		unknown
                        static.echocdn.com
                        		unknown
                        		unknownfalse
                          		high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://use.typekit.net/af/74ffb1/000000000000000000017702/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=i4&v=3false
                            		high
                            https://use.typekit.net/af/e301c6/0000000000000000000149e7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3false
                              		high
                              https://use.typekit.net/af/cb695f/000000000000000000017701/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n4&v=3false
                                		high
                                https://cdn.cookielaw.org/consent/7a5eb705-95ed-4cc4-a11d-0cc5760e93db/7a5eb705-95ed-4cc4-a11d-0cc5760e93db.jsonfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://use.typekit.net/af/40207f/0000000000000000000176ff/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n3&v=3false
                                  		high
                                  https://use.typekit.net/pfu1huz.jsfalse
                                    		high
                                    https://use.typekit.net/af/eaf09c/000000000000000000017703/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n7&v=3false
                                      		high

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      142.250.185.67
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse
                                      20.42.73.30
                                      		unknownUnited States
                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                      142.250.185.206
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse
                                      52.58.63.200
                                      		secure.eu1dc2.echosign.comUnited States
                                      		16509AMAZON-02USfalse
                                      1.1.1.1
                                      		unknownAustralia
                                      		13335CLOUDFLARENETUSfalse
                                      2.21.20.28
                                      		e29329.dsca.akamaiedge.netEuropean Union
                                      		20940AKAMAI-ASN1EUfalse
                                      52.58.63.201
                                      		unknownUnited States
                                      		16509AMAZON-02USfalse
                                      2.19.104.203
                                      		unknownEuropean Union
                                      		16625AKAMAI-ASUSfalse
                                      13.107.42.16
                                      		unknownUnited States
                                      		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                      63.140.62.27
                                      		unknownUnited States
                                      		15224OMNITUREUSfalse
                                      74.125.206.84
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse
                                      63.140.62.222
                                      		adobe.com.ssl.d1.sc.omtrdc.netUnited States
                                      		15224OMNITUREUSfalse
                                      142.250.181.228
                                      		www.google.comUnited States
                                      		15169GOOGLEUSfalse
                                      52.109.32.97
                                      		unknownUnited States
                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                      142.250.184.238
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse
                                      52.123.131.14
                                      		s-0005.dual-s-dc-msedge.netUnited States
                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                      23.60.203.209
                                      		unknownUnited States
                                      		16625AKAMAI-ASUSfalse
                                      104.18.86.42
                                      		cdn.cookielaw.orgUnited States
                                      		13335CLOUDFLARENETUSfalse
                                      95.101.54.128
                                      		unknownEuropean Union
                                      		34164AKAMAI-LONGBfalse
                                      95.100.110.16
                                      		e208818.dsca.akamaiedge.netEuropean Union
                                      		20940AKAMAI-ASN1EUfalse
                                      88.221.110.26
                                      		a1988.dscg1.akamai.netEuropean Union
                                      		20940AKAMAI-ASN1EUfalse

                                      Private

                                      IP
                                      192.168.2.16

                                      General Information

                                      Joe Sandbox version:42.0.0 Malachite
                                      Analysis ID:1635243
                                      Start date and time:2025-03-11 14:29:14 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:21
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • EGA enabled
                                      Analysis Mode:stream
                                      Analysis stop reason:Timeout
                                      Sample name:phish_alert_sp2_2.0.0.0 (2).eml
                                      Detection:MAL
                                      Classification:mal48.winEML@24/7@14/197
                                      Cookbook Comments:
                                      • Found application associated with file extension: .eml

                                      Warnings

                                      • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 23.60.203.209, 142.250.184.238, 142.250.185.67, 142.250.185.206, 74.125.206.84, 20.42.73.30, 172.217.16.206, 95.101.54.128, 2.16.202.121, 95.101.54.121, 52.123.131.14, 52.58.63.200, 52.149.20.212
                                      • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, accounts.google.com, stls.adobe.com-cn.edgesuite.net.globalredir.akadns.net, slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, stls.adobe.com-cn.edgesuite.net, fe3cr.delivery.mp.microsoft.com, adobefreeuserschannel.eu1.documents.adobe.com, dual-s-0005-office.config.skype.com, clients2.google.com, redirector.gvt1.com, a1815.dscr.akamai.net, onedscolprdeus18.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, clients.l.google.com, prod.fs.microsoft.com.akadns.net, mobile.events.data.trafficmanager.net, www.adobe.com
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtOpenFile calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                      • VT rate limit hit for: secure.eu1dc2.echosign.com

                                      Created / dropped Files

                                      C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7B0C115B-0724-429A-962F-9E5FFE23CAAF

                                      Download File
                                      Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):180025
                                      Entropy (8bit):5.2966506989485085
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:C18E8AE932CDE7C20BA0048241D74C03
                                      SHA1:033D3A1942283B934BBF93E161948403967041BB
                                      SHA-256:59B2B9D141E84C456079400FBE0DEF29E98418605EA5E081A6FE4114DD8C5EF5
                                      SHA-512:D960AF53B5F4FF0C509B0949AF110C572DDE6DD75AD58F3E53ED539612C2305BDE594E4980600A657F4A11474ED2259AF7AF4212B4AE9D7D96FB09CE8610C2E9
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2025-03-11T13:31:21">.. Build: 16.0.18413.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results?fullframe=yes</o:url>.. <o:ticket o:policy="DELEGATION" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Bearer {}" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.Resourc

                                      C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl

                                      Download File
                                      Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):65536
                                      Entropy (8bit):0.1251446463492008
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7B84A5F9B3839AEFE7F1C1D1797493A0
                                      SHA1:1C26436776E3A0F9700C79003E795422659EA93B
                                      SHA-256:6AA9A4A967C305BCC1F948AB8416FC796C20A076E5F9EF6742E31EF617ECD7DA
                                      SHA-512:65F91C50ADE7B1565583121DEBCCDEFFCFB27B4B3C90971F5477BCA54A3F168CCA36253B0CAD5BC14AC7621A2AABB60A890800127E1717269B7AF9626469BE2F
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:............................................................................b............\.\....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................8..........................H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g.g.e.r...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g...e.t.l.............P.P..........j.\....................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl

                                      Download File
                                      Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):65536
                                      Entropy (8bit):0.11975813417213521
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:8AEFA30ED45B41DB59E0CEC73EC080E4
                                      SHA1:9B98293884C54ED79382F6FD60CF3C932A6289C8
                                      SHA-256:517C649A72170CB5C095C8F1829BDDFA63EEDAECE29824BF696F483FAFA42F20
                                      SHA-512:0E535A858246E9B7420EE841E915F0F7B03E9FFAC5392B6B9FCE039D039956714980708E423AD1E17B353411DBCD615F76D0515D0F78F353C463C310E3B7CB02
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:............................................................................@.......h....5.[....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................8...........t..............H.x.M.A.l.w.a.y.s.O.n.L.o.g...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.m.A.l.w.a.y.s.O.n.L.o.g...e.t.l.......P.P.....h....!.[............................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat

                                      Download File
                                      Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                      File Type:MS Windows registry file, NT/2000 or above
                                      Category:dropped
                                      Size (bytes):524288
                                      Entropy (8bit):0.11556978569709438
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:9CE870AE62DA837C954863EB96CA4A25
                                      SHA1:4D6FF781A4FF4E8AFBC8BC92BA4FF2D50E01B492
                                      SHA-256:769BFAD488B962CFA8D3163A3879B2742A70A29B20A0A5CFFC55C2C4CA53B80B
                                      SHA-512:F78DD9844201D9C5E5FC7E407679176C9E9F7CA0A334299A311FA2B9361EEA1BB42DFA0D05F71433177AD0EF312D38786D1B3BE3A4FA1AE89C82627C08E501AB
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:regf........b.Q.7.................. .... ......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm...A...............................................................................................................................................................................................................................................................................................................................................9.Ks........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250311T0929440126-1124.etl

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:modified
                                      Size (bytes):102400
                                      Entropy (8bit):4.468899375877914
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:33F41A429B941399957A1ACA2BDE7B4A
                                      SHA1:AA2A730F191965DB81FEA5996592FE8A5E86C29E
                                      SHA-256:0E3EA2C4DDE13912BD6AD4AE4416B911AE0DB3F6E16710B42D1CAD2CC77F939D
                                      SHA-512:AE46049E90837C3428E9F9899DB7B86F0F02E6D74CF7337407D45E99D39A3FE64DF343621A2F282330AF1761253AFACD5F635E7E22075613896A770ADD30635C
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:............................................................................^...(...d...-V......................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................8...........-V..............v.2._.O.U.T.L.O.O.K.:.4.6.4.:.2.0.3.4.7.e.6.2.1.a.b.8.4.2.b.c.8.b.f.8.7.8.7.a.c.c.7.7.6.c.b.1...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.3.1.1.T.0.9.2.9.4.4.0.1.2.6.-.1.1.2.4...e.t.l.........P.P.(...d...-V..............................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:Microsoft Outlook email folder (>=2003)
                                      Category:dropped
                                      Size (bytes):271360
                                      Entropy (8bit):2.950411226458664
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:9ABFB38017ADE0588E9ACC65763A751B
                                      SHA1:1022A3A35BB78F1BB8D2ED8B62EAA96955C732FC
                                      SHA-256:CBF0011D19357754FB26B3B952DB9926CAF8DBEAA341C56BC9EDC66FEBA40654
                                      SHA-512:ADE4759238719E677F48D77B0A066D76E814A658247F5EA363D2C6847D3228FE7E077CC92E2033A62633FBECA2E67E4CE55DC11684924D777B2E4C730F0DFDFF
                                      Malicious:true
                                      Reputation:unknown
                                      Preview:!BDN3..@SM......\.......................Z................@...........@...@...................................@...........................................................................$.......D.......h..........................................................................................................................................................................................................................................................................................................................\........oc.I_......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:DOS executable (COM)
                                      Category:dropped
                                      Size (bytes):131072
                                      Entropy (8bit):3.934245665206077
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D6DF32649E324BF0AB2A6113D7EDF003
                                      SHA1:315C5D1B45D58432DB3CC3FC8ECA3BCE4FA1CBFA
                                      SHA-256:8C4C784E312AE1F00F04B3BD71BE3D0ECBDCCA0697068C65C408B6A7A0FF59F8
                                      SHA-512:F7DCAAF2E08B2DE5A5B1D82A99BD2DCE5FD2A1D66BF7C38B19ADC56E98A7BCAC1558920409BF9675A1F88AE3EBD2FBE7FBB2F6D56E38EBB6686BE212BD9B2F7E
                                      Malicious:true
                                      Reputation:unknown
                                      Preview:.b2.C...m.......d...&<u.......................#.!BDN3..@SM......\.......................Z................@...........@...@...................................@...........................................................................$.......D.......h..........................................................................................................................................................................................................................................................................................................................\........oc.I_..&<u..........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                      Static File Info

                                      General

                                      File type:RFC 822 mail, ASCII text, with very long lines (2113), with CRLF line terminators
                                      Entropy (8bit):5.972177903341656
                                      TrID:
                                      • E-Mail message (Var. 5) (54515/1) 100.00%
                                      File name:phish_alert_sp2_2.0.0.0 (2).eml
                                      File size:25'161 bytes
                                      MD5:c9331173c5fe3f3a290cd5a87a685e60
                                      SHA1:e3983386c9c598032724c52ec2ea0559d7a6aded
                                      SHA256:c0725e71ee1fe78294d2b51025e27e139011c81bf4ecfa92c1bbdacc49fb4514
                                      SHA512:431321ed60aac73f81e84b4c8255c0608eaed9a8b00a8381b314545062a504011c1bc0fa3f8bf669062c9d27415bdabab5eb2a1ea726c7681757a9be0437e8a2
                                      SSDEEP:384:5rinClWljzRpWoNUPURGYITSOC/Fhcj5fD524U98OGtFoio+Y4UdxX0f:ICYXpWeUPXS9/mU9BNxkf
                                      TLSH:E6B26C54A29828AB2EB0979C5152BD41E3E160CF4BF2E4F0749FC7474FEA144AB069DF
                                      File Content Preview:Received: from IA2PR16MB6494.namprd16.prod.outlook.com.. (2603:10b6:208:4bb::20) by SA1PR16MB4705.namprd16.prod.outlook.com with.. HTTPS; Mon, 10 Mar 2025 15:49:55 +0000..Received: from DM6PR07CA0060.namprd07.prod.outlook.com (2603:10b6:5:74::37).. by IA2

                                      Static Mail

                                      General

                                      Subject:Signature requested on "Payment Completed Your Order is Being Readied"
                                      From:Customer Care via Adobe Acrobat Sign <adobesign@adobesign.com>
                                      To:pendingorder@cctiochiem.biz
                                      Cc:
                                      BCC:
                                      Date:Mon, 10 Mar 2025 08:46:18 -0700
                                      Communications:
                                      • Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. body, table, div, td, p { font-family: adobe, adobe-clean, "Source Sans Pro", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; color: #2C2C2C; font-weight: 300; } p { margin: 0; padding: 0; } a { border: none; } a, a:link, a:visited, a:hover, a:active { color: #1473e6; text-decoration: none; font-weight: bold; } .separator { margin: 0; border: 1px solid #CACACA; } img { border:0; } span.e_heading { font-size: 12px; font-weight: bold; } h1 { font-size: 28px; font-weight: 300; color: #6E6E6E; padding-bottom: 5px; } .bodyHeading { margin: 0; font-size: 22px; color: #454545; text-align: center; } .footerContainer { margin-top: 16px; font-size: 12px; color: #4b4b4b } ul { font-size: 17px; } .footerContainer p { margin-bottom: 1em; } Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! Customer Care requests your signature on Payment Completed Your Order is Being Readied Review and sign Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Don't forward this email: If you don't want to sign, you can delegate to someone else. Dear Customer, Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed. Transaction Details: Invoice ID: INV-775432 Payment Method: PayPal Status: Completed You can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565. Thank you for choosing PayPal! 487.8O Customer Care requests your signature on Payment Completed Your Order is Being Readied Payment Completed Your Order is Being Readied https://adobefreeuserschannel.eu1.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAASViA_njArbOUYyt0pGFD8D7J6BVCwbQGYFEkyxsRXAU-dftKQCh7ks9EKzFRakwpxsh3uD-L3i4fYDZDhXvp_p_dElqffrbmUw6T6EaJMnmBBTZlK654NhtBdtX4rPFJ& Review and sign Review and sign Review and sign https://adobefreeuserschannel.eu1.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAASViA_njArbOUYyt0pGFD8D7J6BVCwbQGYFEkyxsRXAU-dftKQCh7ks9EKzFRakwpxsh3uD-L3i4fYDZDhXvp_p_dElqffrbmUw6T6EaJMnmBBTZlK654NhtBdtX4rPFJ& Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal!Customer Careninash341yas@proeeschool.com Dear Customer,Your Bitcoin purchase of $ 487.8O via Coinbase has been successfully processed.Transaction Details:Invoice ID: INV-775432Payment Method: PayPalStatus: CompletedYou can track your purchase through your PayPal account. If you need further assistance, contact us at +1 (8O8) 3O3-2565.Thank you for choosing PayPal! 487.8O Customer Care Customer Care ninash341yas@proeeschool.com After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. After you sign Payment Completed Your Order is Being Readied, all parties will receive a final PDF copy. Payment Completed Your Order is Being Readied Don't forward this email: If you don't want to sign, you can delegate to someone else. Don't forward this email: If you don't want to sign, you can delegate to someone else. Don't forward this email: If you don't want to sign, you can delegate to someone else. Don't forward this email: If you don't want to sign, you can delegate to someone else. Don't forward this email: If you don't want to sign, you can delegate to someone else. Don't forward this email: delegate https://supucansign.eu1.echosign.com/public/resend?tsid=CBFCIBAACBSCTBABDUAAABACAABAA7nttfyqFwS10HIFtJzjbLM_1rhOzZePah4lzFTH5BN_S2hmdxUanYhFi0UmnSFTK4Rzmc4jflKbePQ1ZdG3zdHdOoj7KJ5YKtbtaFhjGkAYvTF4jEDeVgYhgkoiEpuOL By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures.To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse 2025 Adobe. All rights reserved. By proceeding, you agree that this agreement may be signed using electronic or handwritten signatures. To ensure that you continue receiving our emails, please add adobesign@adobesign.com to your address book or safe list. Terms of Use | Report Abuse Terms of Use | Report Abuse Terms of Use https://www.adobe.com/go/terms Terms of Use Report Abuse https://adobefreeuserschannel.eu1.documents.adobe.com/public/reportAbuseForm?tsid=CBFCIBAACBSCTBABDUAAABACAABAASViA_njArbOUYyt0pGFD8D7J6BVCwbQGYFEkyxsRXAU-dftKQCh7ks9EKzFRakwpxsh3uD-L3i4fYDZDhXvp_p_dElqffrbmUw6T6EaJMnmBBTZlK654NhtBdtX4rPFJ&&reportAbuse=true Report Abuse 2025 Adobe. All rights reserved.
                                      Attachments:

                                        Headers

                                        Key Value
                                        Receivedfrom relay.eucentral1.utility.echosign.com (52.59.244.0) by MWH0EPF000A6732.mail.protection.outlook.com (10.167.249.24) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.20 via Frontend Transport; Mon, 10 Mar 2025 15:46:20 +0000
                                        Arc-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UQo8prfpVuTyLPNfldWocOI7KYaCoWJTONn9gfj2h5j8X3dzFTO9VrY6/mpoMfDVFVLj8maidgjM6EaHKPymqPNdQv5W6qtG+wWnUJ8ocbBlzVqDYF7a/XprZENmbrtZBcwf/R78BGMFGXdVrlOU99ddMWCpeSfhvP71VCbP+qSfw3l75B6OFd1MNiW2I+L3zYen0ps876S88eszZRzOAel7gKSEd+4Ka+vAex4B4vqSG6qJs+AUs0ZVCA8luIqJQZxS7gtO6CNR/cjwpziQ21Yr0aY7A3SUrPCVjCRN79pF7RoUxlPwFzja37Dzn7YKG9F2cT91sSXNF24HPgIE/A==
                                        Arc-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AYEhw1vDUWaCDHrio6JS2n6Bt6HkoPYpUc5c7gdvDZY=; b=S9VqF0wBYRpvNfhupuya5p4YWWIg9YnVIygZVTr2pxNptDJ8DE3cidHUzN/h60ClEZTHZ2HUFOmDgVmNG6WQxXb8kEMhFzd0Y+iwJA+DjoFQZGue947ATRbqbArhLVnqYLIgRl5B1ls9YgX2EBd10FFcPqA2dew6IuZ5exrsLgvWhL6nw/cVyaR48zJww4tUlw72WWqBEcG/9MkZD0UfeXpkZ398/WxejRuaTlGmKS1UKKlgv1F9zl4G1pfWTnxlDZ2dfFuSgJJdZbpidopz2g0qjJ9AiFwrzGBDRm7DdEn0r2jc3BHFBKIaZ3Tofqe9UiRCLeh7l3D6VULpuMKb5w==
                                        Arc-Authentication-Resultsi=1; mx.microsoft.com 1; spf=pass (sender ip is 52.59.244.0) smtp.rcpttodomain=cctiochiem.biz smtp.mailfrom=mail.eu1.adobesign.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=adobesign.com; dkim=pass (signature was verified) header.d=adobesign.com; arc=none (0)
                                        Authentication-Resultsspf=pass (sender IP is 52.100.172.239) smtp.mailfrom=cctiochiem.biz; dkim=pass (signature was verified) header.d=washboardus.onmicrosoft.com;dkim=pass (signature was verified) header.d=adobesign.com;dmarc=pass action=none header.from=adobesign.com;compauth=pass reason=100
                                        Received-SpfPass (protection.outlook.com: domain of mail.eu1.adobesign.com designates 52.59.244.0 as permitted sender) receiver=protection.outlook.com; client-ip=52.59.244.0; helo=relay.eucentral1.utility.echosign.com; pr=C
                                        Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/simple; d=adobesign.com; s=mailv2; t=1741621579; bh=QUacRQi4NOrrZhXJQCcLO8NE3yhaJ1g1ROY2H3LFUpw=; h=Date:From:Reply-To:To:Subject; b=dzIyop/U/Kf7kB31IeQ/TwHnJaHcjuV2MZ2KuPATp2MwYxJsPpxqiMDl0whzGtvd3 hVeDGhTOyBcoQmFfBnZHw9DClf+2CMraJYpo1Ndx5Q6poKgOQ0Wjhn/d7R4xdf4seD O+m6JqdkR5LRHE9KZp2ZgDsY80o2xGzgLEkHCi/rQSp4vVmed51koS+L26xN+iSOX0 5mjp/tH32Fxtuv1j75Mlxlj5w039LTzCHAU9a0SAWYPbO+PQ/Kpskj4Qls7OuHo6Qu UNsNCl+gpe+6s3WgxyByHy6v0VHEwmzxC8q90fmyJR6FlOhXIJF03Zli2j/CzE229u Uk+T96Tma0+rg==
                                        Authentication-Results-Originalspf=pass (sender IP is 52.59.244.0) smtp.mailfrom=mail.eu1.adobesign.com; dkim=pass (signature was verified) header.d=adobesign.com;dmarc=pass action=none header.from=adobesign.com;
                                        DateMon, 10 Mar 2025 08:46:18 -0700
                                        FromCustomer Care via Adobe Acrobat Sign <adobesign@adobesign.com>
                                        Reply-ToCustomer Care <ninash341yas@proeeschool.com>
                                        Topendingorder@cctiochiem.biz
                                        Message-Id <1039648361.1340.1741621578380@event-consumer-prod-b-7965c9698f-g4stm>
                                        SubjectSignature requested on "Payment Completed Your Order is Being Readied"
                                        MIME-Version1.0
                                        Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17416218611990.2489433180071039"
                                        X-Echosign-BounceCBJCHBCAABAAHjkFboRO1NHVTolphaiYrGtZDJ1JrhaN
                                        X-Echosign-Template agreement/progress/participantEsign.vm:en_US:10000006249114729
                                        Return-Pathbounces+SRS=uJfPa=V5@cctiochiem.biz
                                        X-Eopattributedmessage1
                                        X-Ms-Traffictypediagnostic MWH0EPF000A6732:EE_|BL3PR16MB4324:EE_|IA2PR16MB6376:EE_|DM4PR16MB5434:EE_|DS3PEPF0000C37C:EE_|IA2PR16MB6494:EE_|SA1PR16MB4705:EE_
                                        X-Ms-Office365-Filtering-Correlation-Id 8e43c7aa-4fb9-4968-22fa-08dd5feaf982
                                        X-Moderation-Data3/10/2025 3:47:28 PM
                                        X-Ld-Processedf60b98ee-0b60-4b02-92a9-1f55eb685862,ExtAddr
                                        X-Ms-Exchange-Senderadcheck0
                                        X-Ms-Exchange-Antispam-Relay0
                                        X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|7416014|376014|69100299015|48200799018|61400799027|4076899003|8096899003|13003099007|8142799012|3613699012|19033499003|17680700008;
                                        X-Microsoft-Antispam-Message-Info-Original yxnmeClOKaNLct1wPpZaE8/YWkzMdtvzVC8yqntpx/abZWJU2Ki7N/iOx3FJyZryY8Gmo2hs+2YLifW1oX39ad7UZvxtFIeVtHmbAHfSuOlWwaULWWAvTWXkbi6FYqZahWLYgFB79Uxj1s3m3+PSaTJxGeXHsjf0zyeQZZVIc8exMjjw1eTKbXgaMV9EfjKuXilRPeXWTIvf6C69LIBY4a6KHAXBGdwKimEOIpFOXZnmDkl23fe4y2WRy052e9OLJc1nut6DDA7zzMZo3S4OCrN0GMu/pUawIM8V1Da4Wr7oV1HJa3qcqHp2ughmHguYJ6ZRSPNfin42GAx0JotgYiuXQNJg6uqXeU4E5NShPCxfJIbnm0R1mWTXlZdWLjLIfpo3cISCI+bwHfrfrPIpX/ZjCd08q+GzndiHHIK3PdL5rDdhFm0m1Wm/bj5Sczt/yDpUojDKt8TXA9bwdx8ozyDv7Gpmwlcj8wq075LErr4jJ7emETWmErR/xxjVbyUfq0TyoRjIOypuzt4SqPJ1J2L4HfQ6tovwmpHGlBGpNRc+dETUtR4KxvS4ei2uPiSx/HwzY92SeMVQcE4Xr2PoaGITViBW2/F3EPdVKrqqxa46AulOISBaw7QnTb+t1tEIHPW7lAPpn9Gk5V1uBiqVUQe8vVla7xX81R3+6ACnf8c/pYkm5e2qYpubyVJLn2t4+lgi/CTd3Hwih7C8eu/63twDQyqS2teK9fDvnUhhJhRwDJzZaNiMxq2VAwRtTrFCjRnZU90K0xJnv/3UcV5V5rS1t3FVC9mSYZ8C3wgL4ptSItvrKBOBESYx4/+DlvjBR6Vp3W4xIl/6ub0CEX4QZcVr7tYrCxrA47bQtlU1LMIy+C1lbLzfaq6CbR69t57w1y5NmEQ31qS9tAtjSyf1+CFlgPxImpK4ovSoaatWl/1DI6UpAoSih3R0jLeb7S4FQxljUqsHz9eiAbijFOZBy2NtEerKNe5oNb161tNBsiFFqdyAnNRN+Afkf6GMQsBXONlMFn5LCVCBXzpR40dnY2l9y8BaVvgvyN3sfcvOz9xlV+Jz0U8vkqK1BmYVlxR/Ih7Zvikg9dSNt3DxLVOJlGgr5uZjhS3u25mSpNT09d5AkvcAxdHKxT/oSayfNWk3CxfMx4fO1+ovSTs5kEb+kGA+ChuKeBs8t/PI9yFRhSTdluxGXKnEzTXIcyiZgVkC2CPUXj/KkSJllBHd6g7Da1jIpDvS4IoLkZzpUY3m3gZoxFVR6+rtwDD5PFZXezyHNelzPP+UytC2NH/V2LSBSasoOUbGuoRg9TRHi36cyPU/tqEm00GgsSd/74PlzsVbygpRUtASAPwkmzzyJV5TN29x5iTguZHE5ecvq1xMID73tQuGKjsfyaMQ1hezOUDRxpw+wpC7ZUB74hbCk1I2UwaTHxcKAV5tUyo6fLJd1VNrMDI7MzUxvXtpWToLRxNS
                                        X-Forefront-Antispam-Report-Untrusted CIP:52.59.244.0;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:relay.eucentral1.utility.echosign.com;PTR:relay.eucentral1.utility.echosign.com;CAT:NONE;SFS:(13230040)(7416014)(376014)(69100299015)(48200799018)(61400799027)(4076899003)(8096899003)(13003099007)(8142799012)(3613699012)(19033499003)(17680700008);DIR:OUT;SFP:1501;
                                        X-Auto-Response-SuppressDR, OOF, AutoReply
                                        X-Ms-Exchange-Transport-CrosstenantheadersstampedIA2PR16MB6494
                                        X-Ms-Exchange-Organization-Expirationstarttime10 Mar 2025 15:48:16.9519 (UTC)
                                        X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                                        X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                                        X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                                        X-Ms-Exchange-Organization-Network-Message-Id 8e43c7aa-4fb9-4968-22fa-08dd5feaf982
                                        X-Eoptenantattributedmessaged5ea0ba6-3c9e-43c2-9d1e-fffeb0d842e5:0
                                        X-Ms-Exchange-Organization-MessagedirectionalityIncoming
                                        X-Ms-Exchange-Transport-Crosstenantheadersstripped DS3PEPF0000C37C.namprd04.prod.outlook.com
                                        X-Ms-Exchange-Transport-Crosstenantheaderspromoted DS3PEPF0000C37C.namprd04.prod.outlook.com
                                        X-Ms-PublictraffictypeEmail
                                        X-Ms-Exchange-Organization-Authsource DS3PEPF0000C37C.namprd04.prod.outlook.com
                                        X-Ms-Exchange-Organization-AuthasAnonymous
                                        X-Ms-Office365-Filtering-Correlation-Id-Prvs 8a42c692-b814-40d1-4fac-08dd5feab46e
                                        X-Ms-Exchange-AtpmessagepropertiesSA|SL
                                        X-Ms-Exchange-Organization-Scl1
                                        X-Microsoft-Antispam BCL:0;ARA:13230040|240411011799012|5082899009|5073199012|6062899009|3092899012|3072899012|5062899012|4092899012|2092899012|31052699007|39142699007|69100299015|13102899012|35042699022|13012899012|12012899012|4076899003|8096899003|13003099007|8142799012|3613699012;
                                        X-Forefront-Antispam-Report CIP:52.100.172.239;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM11-DM6-obe.outbound.protection.outlook.com;PTR:mail-dm6nam11hn2239.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(240411011799012)(5082899009)(5073199012)(6062899009)(3092899012)(3072899012)(5062899012)(4092899012)(2092899012)(31052699007)(39142699007)(69100299015)(13102899012)(35042699022)(13012899012)(12012899012)(4076899003)(8096899003)(13003099007)(8142799012)(3613699012);DIR:INB;
                                        X-Ms-Exchange-Crosstenant-Originalarrivaltime10 Mar 2025 15:48:16.8738 (UTC)
                                        X-Ms-Exchange-Crosstenant-Network-Message-Id 8e43c7aa-4fb9-4968-22fa-08dd5feaf982
                                        X-Ms-Exchange-Crosstenant-Idd5ea0ba6-3c9e-43c2-9d1e-fffeb0d842e5
                                        X-Ms-Exchange-Crosstenant-Authsource DS3PEPF0000C37C.namprd04.prod.outlook.com
                                        X-Ms-Exchange-Crosstenant-AuthasAnonymous
                                        X-Ms-Exchange-Crosstenant-FromentityheaderInternet
                                        X-Ms-Exchange-Transport-Endtoendlatency00:01:38.3996658
                                        X-Ms-Exchange-Processed-By-Bccfoldering15.20.8511.025
                                        X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(4710117)(4713020)(4716014)(920097)(930097)(140003);
                                        X-Microsoft-Antispam-Message-Info +RVPx9qnWVq/F0dYpD701T0To3npVdtAB6jOaoIFmFQB0em2P8iG3cRWfq6272uUlfoGoKa742cPYtDIuWkeqBSlzLBz6a0uM8aKCk2g9J2SJ0UmOe6tRw3/OtMQCpbBPoZzMvtphnTNcCgvdUn18EFnwavFgtrVGLxvRpD2IHFtVRxKHNYBf4Q7FFlm/nDyJCMgHGvqsiJXGSszHqMNhuGeWmkw6txXaNeMGXUlqXo75i43Pe3URM//Wbr3i+90SqG2iM1erIRMhJcL5/cgTaEzkgiAgFIE5YMb/oPrx+ZnKtJGG5TNBEMvBQnZD2VhP2FgiMYSJtklNIEO2UNtoTiJrZH2lGFRWUe2C3kopbT/Nljxlb43zis+oifN74VArhgFeZt1XVs0gvMOikl1Ud8hD+WI+o0Ot/sEM++X7K6rGcxOLTurp7TUJIhcWHDst3fKK4XD8UMizmDNCeeutpPCPhbz/rEfMvsOctEYmO0CRJJCBuEI5n+TCjh7T3/9D7APpEAhj8McU18qNJ0Zv7PWsKWGsj0fn5IZ2QWigsurjzb4iRgZrJ0T3gkY0s7ERk5cy6mErQsgoa0YszotOHZhQfBX76gfJh6/VvkMhWyokYzfk5QJ/5wtprjKEM5b/fWBK6K7xhKebsB7GfHBFYwd6bhV6syQfIqjqFUzIo50loNHZl2aVYGxneSeMaUai/WG0L4pTHVbkkSGk9ybuGZXUqCFd/rtdU9RF8al2pKG0vWkgUgSE2nUF6zEfzyzRqyXl4vsNgoKHbSLJftD8Lir2l9V5gtodPFxX9c3p+98E7WILpu/0REaKpurTijcnHIdzYbOPo5al6kgmVWnq3nXZCAE/3V1ceWB1wtPJ4i8z1MK3mU78ik0/p492ZWJz+hdOGszE0nikXs0YIdROJQBEFHakey3Pmv92JKeQjkKQnQbPTpOPKFDktkuD6Zy8VxAEr7kEDwugqiHUSXdrkO3uJ70O2DJMPZXolAKzn9Ix2+uXjGYbd9QOaHFRlfkNasPeKgllMkCUQBUDd1fZohYXKeiZOqjSNMmzy0fZNorw8qYVaJMN/TIc5oRG7uPvgYfsDyWDcEEyzLrB+vQ0rpH4r47Qvvo/LLlWOcAbwsZtfg0d2uTCH9Pr5qM6JGmJJX7/m1Ze8TR2/fTCMR/7wjWo3yRbcguS+PmW9MU62jLEBes+FDoWLXSka2Ho6uqvLjIhlENj57WSfa6/hj5oqZ04MnnU5DP8e1La8lMRaRq+mjstOTVespEYdMZ2F8Thk6SC5GsfVv4nqT8iuyovXMft0ohs5vPowTth0gB5aurQSKfXWfnJK6zBMJ+ZxW8PnXQsqL7JfBVVVPV709h0Y0tJkOy83AaeIjCmSs69OSywqtLQZhbUMTuHzFQC5ULUaWH1zuzvOksMe8tOxMmE5CHrKAAL+YTMPl2EJ33BRqHh3cilsfR6ll1IrEL9gBoguYfK8I8uIbkBjyNaMYMBk5zBzvbID33J2C91Tqoo+hWCI/bbF2l7/uGXiMSRXn4275XZAW+JdsBPY0HtwE98ocS+zwOQYp0baiqTtYcXjudZh0oeOmgllYNg73bSKMLg8ixc4PlKu+ThqzLtT0JQG/b+Hx3j2TcQNoX7OzNRcsWQ9YKZGjsQ/72GNvpqL0v/LXhv8Z38R5may0mNGLwOYYy8FQwOYG7quJEXojOb/D3IQa+Jl4PbtVgbzzL4ZwM3qpAtH/5MSGEvT8zldrj4qpG/fFZrwAv/nX/3X1uCaGHo3eP5Hmucu+POokCkxR1mI3UPk6u3g7uOk8OfjI83c81/ivY92TuyyM41+Pr9fYUk/zi6C3mpK6sTjHGvL3h+mgXlOblQYOp6STxMFTPtjmbmyvjATFACBHlQhuRwKnqej8OhAqMIOSB3SQoSWGE4oWaYfM4MCqWV2zXCgRjqVH3aHpr/HQzk0jG3jesNuljeTm7CplOtnRb9Leos0Xibzv66Ge4Cdg7PesDktYSyYB/EYLbdcasmY1JvNt+RFy16zHj78nS1InQur5vgKszcrTkGaBs6/YB+k2+tfEtQJFVDLwNuiP1oyu/IjoGbk4a9ASQmDJorjXjfMUEvVbK
                                        Content-Transfer-Encoding7bit

                                        File Icon

                                        Icon Hash:46070c0a8e0c67d6