Malware analysis phish_alert_sp2_2.0.0.0 (70).eml Malicious activity

Add for printing

File name:	phish_alert_sp2_2.0.0.0 (70).eml
Full analysis:	https://app.any.run/tasks/36903e05-f80e-4175-89a4-2571763e602a
Verdict:	Malicious activity
Analysis date:	August 01, 2025, 05:15:59
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	phishing phish-img qrcode phish-url
Indicators:
MIME:	message/rfc822
File info:	RFC 822 mail, ASCII text, with CRLF line terminators
MD5:	02C2874164436E64ADAF02309C8AA405
SHA1:	B452F61F590313B0EE83F4848D15D239EAB0355B
SHA256:	8CE7D788855CE9D97FB5B47A02F3040DCBA8764BF23DE31EEB324957E9F32A3E
SSDEEP:	1536:TymMnzjLiyyGD0lS7HVFvauUmf732wBRnZE/PYPE7p9oZoHZlR0qhj:mbXL0GDP7qwubpfHZt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 180 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 120 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Suspicious URL found
  - OUTLOOK.EXE (PID: 3788)
- QR code contains URL with email
  - OUTLOOK.EXE (PID: 3788)
- Phishing has been detected
  - OUTLOOK.EXE (PID: 3788)
SUSPICIOUS
- QR code with Mixed Case Domain (Potential Phishing)
  - OUTLOOK.EXE (PID: 3788)
INFO
- Reads security settings of Internet Explorer
  - OpenWith.exe (PID: 7628)
- Reads Microsoft Office registry keys
  - OpenWith.exe (PID: 7628)
  - Acrobat.exe (PID: 8176)
- Application launched itself
  - Acrobat.exe (PID: 8084)
  - AcroCEF.exe (PID: 6772)
- Checks proxy server information
  - slui.exe (PID: 7740)
- Reads the software policy settings
  - slui.exe (PID: 7740)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.eml	\|	E-Mail message (Var. 5) (100)

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

158

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1028

"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --first-renderer-process --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1608,i,13122002662335499901,7437151187475124695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

—

AcroCEF.exe

User:

admin

Company:

Adobe Systems Incorporated

Integrity Level:

LOW

Description:

Adobe AcroCEF

Exit code:

Version:

23.1.20093.0

Modules

Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

2168

"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2648 --field-trial-handle=1608,i,13122002662335499901,7437151187475124695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

—

AcroCEF.exe

User:

admin

Company:

Adobe Systems Incorporated

Integrity Level:

LOW

Description:

Adobe AcroCEF

Exit code:

Version:

23.1.20093.0

Modules

Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

2692

"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1532 --field-trial-handle=1608,i,13122002662335499901,7437151187475124695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

—

AcroCEF.exe

User:

admin

Company:

Adobe Systems Incorporated

Integrity Level:

LOW

Description:

Adobe AcroCEF

Exit code:

Version:

23.1.20093.0

Modules

Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

3788

"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (70).eml"

C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Outlook

Version:

16.0.16026.20146

Modules

Images
c:\program files\microsoft office\root\office16\outlook.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

5952

"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1608,i,13122002662335499901,7437151187475124695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

AcroCEF.exe

User:

admin

Company:

Adobe Systems Incorporated

Integrity Level:

LOW

Description:

Adobe AcroCEF

Exit code:

Version:

23.1.20093.0

Modules

Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

6292

"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2712 --field-trial-handle=1608,i,13122002662335499901,7437151187475124695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

—

AcroCEF.exe

User:

admin

Company:

Adobe Systems Incorporated

Integrity Level:

LOW

Description:

Adobe AcroCEF

Exit code:

Version:

23.1.20093.0

Modules

Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

6772

"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16514043

C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

—

Acrobat.exe

User:

admin

Company:

Adobe Systems Incorporated

Integrity Level:

LOW

Description:

Adobe AcroCEF

Exit code:

Version:

23.1.20093.0

Modules

Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

7164

"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1608,i,13122002662335499901,7437151187475124695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

—

AcroCEF.exe

User:

admin

Company:

Adobe Systems Incorporated

Integrity Level:

LOW

Description:

Adobe AcroCEF

Exit code:

Version:

23.1.20093.0

Modules

Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

7292

"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2624 --field-trial-handle=1608,i,13122002662335499901,7437151187475124695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

—

AcroCEF.exe

User:

admin

Company:

Adobe Systems Incorporated

Integrity Level:

LOW

Description:

Adobe AcroCEF

Exit code:

Version:

23.1.20093.0

Modules

Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

7344

"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "5088407E-580A-4F66-B297-48D4D767E3AE" "500EE721-A190-4DE7-9C9F-E95E7FC13DF2" "3788"

C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe

—

OUTLOOK.EXE

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.

Version:

0.12.2.0

Modules

Images
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\ai.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
c:\windows\system32\advapi32.dll
c:\program files\common files\microsoft shared\clicktorun\c2r64.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll

Add for printing

Total events

29 362

Read events

28 024

Write events

1 196

Delete events

142

Modification events


(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
Operation:	write	Name:	00030429
Value: 09000000
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
Operation:	write	Name:	ProfileBeingOpened
Value: Outlook
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
Operation:	write	Name:	00030397
Value: 60000000
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
Operation:	write	Name:	BuildNumber
Value: 16.0.16026
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Operation:	write	Name:	Expires
Value: int64_t\|0
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Operation:	delete value	Name:	ConfigIds
Value:
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Operation:	delete value	Name:	ETag
Value:
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
Operation:	write	Name:	1
Value: 4D736F3A3A436865636B73756D52656769737472793A3A446174617C75696E7436345F747C2D3638383235323133373939343532393537363B456373436F6E666967526573706F6E7365446174617C7B202256657222203A2022696E7433325F747C30222C2022436F6E6649647322203A20227374643A3A77737472696E677C502D522D313039383135382D312D352C502D522D37363735372D312D322C502D522D32363134362D352D31372C502D442D32393633352D312D312C502D442D32373038372D312D392C502D522D37393638382D312D332C502D582D313035363139362D322D332C502D522D313037353533392D342D362C502D522D313036353130332D342D352C502D522D313034303537342D342D382C502D522D313032313439312D342D342C502D522D313032303733302D322D31302C502D522D313031393539312D342D342C502D522D313030343536312D342D342C64686965643636303A3434383338312C502D582D39383531382D362D392C502D582D313036313437302D322D332C502D582D313032313936352D312D372C502D582D313032313936382D322D332C502D582D37333633392D312D352C502D522D313037383237352D342D372C502D522D313037363531382D342D362C502D522D313036393531352D342D362C502D522D313032353434342D342D352C502D522D33333737342D36342D3235302C626C6F636B6564677261706869637361646170746572353A3437353839392C66653635313636373A3336313635382C37326838623835393A3238343430302C38306562633336353A3236353636392C61696764693533333A3338303138352C502D522D35383634302D312D332C502D582D37343731382D312D392C502D522D313037343034382D362D372C502D522D33353039392D322D342C6175656E613732343A3537373735332C502D522D313038313433312D382D362C502D522D313035333437382D382D352C502D522D33343834332D342D362C502D582D37313237342D312D372C502D522D33333832322D31342D36362C502D522D34353438332D31362D35332C502D522D35303731372D31382D36302C502D522D38373538372D342D342C502D522D37353036392D312D332C502D522D37353030312D312D332C502D522D36383135322D31382D32312C502D522D35323331362D31382D33372C502D522D34393136322D31382D31332C502D522D34393136312D31382D31332C502D522D34303235332D362D31392C502D522D34303235342D362D31382C502D522D33353430312D362D372C502D522D33323130372D32322D32322C636C70726F3130353A3436363736322C502D582D3130393138392D312D352C502D582D313030333535362D312D352C502D522D35383236362D34382D33392C502D522D32343938302D382D34382C502D522D31383237392D322D36352C63753637333A3332353936392C63756973663436343A3434363635342C502D582D313033363930382D312D332C502D522D3131333931352D382D372C502D522D35323938322D31382D33342C502D522D35313134352D322D372C67356234623530373A3238363035352C502D582D313031323533332D312D352C502D522D313036393430352D342D382C502D522D313035303139342D33322D32312C502D522D34313034362D32322D38332C64696173793933323A3237333238302C502D582D313037373139382D322D352C502D582D313034383430382D322D352C502D582D38353335392D312D31332C502D582D38393031322D312D31312C502D522D313036313635312D382D362C502D522D313034323432302D342D332C502D522D313033363136342D342D372C502D522D3131333530382D382D362C502D522D39353631362D382D352C502D522D37393631362D312D332C502D522D37373632312D312D332C502D522D37373230342D312D332C502D522D37363130372D312D332C502D522D37343333342D312D332C502D522D37343433392D312D332C502D522D37333634322D312D332C502D522D36383933382D312D362C502D522D36323837352D322D342C502D522D36303537392D322D322C502D522D36303333332D312D332C502D522D35383130372D322D322C502D522D35353734332D312D332C502D522D35313935382D312D352C502D522D33383038352D31322D392C502D522D33353338392D31382D33382C75736570726570726F63743A3337333738382C7573657632656E64706F696E7474726561746D656E743A3333333939332C6E617469766577696E333272646C3A3138363734342C646F6373686F6D6570616765736561726368656E61626C65616767726567617465646D7275736561726368736F757263653A3137353733392C502D522D313033343136392D31302D372C502D582D313037383537362D322D332C502D582D313035393131312D312D332C502D582D38303734322D312D31312C502D582D39333738372D332D31312C502D582D313035363137372D322D332C502D582D37393936312D312D372C502D582D313033333335362D322D332C502D582D39393034342D312D332C502D582D39363134312D312D332C502D452D32383637372D322D332C502D522D35353132322D382D382C502D522D35303235352D31302D392C502D522D34353331342D31302D31362C37393332313738393A3335353439302C336A6768393438383A3337353232372C6578706F773334343A3337353535352C65787069766F746E6F6E64657374727563746976656175746F67726F75703A3338373137392C69393268333737303A3333363131342C657861766F3833333A3234393839332C736D617274726563616C632D74726561746D656E743A3433313131322C6D6F6465726E62726F777365726F617574686469616C6F673A3230383934332C65786973723434383A3230383933342C502D582D313234303832332D312D332C502D452D33383233312D43312D342C502D522D313234353636322D31352D342C502D522D3130383334322D31342D31372C502D522D39353232352D31342D31372C502D522D39343636312D31342D31332C502D522D39343536302D31342D31322C502D522D39343138392D31342D31332C502D522D39333838322D31342D32362C502D522D36313134372D4331372D322C502D522D35343732382D31362D32332C502D522D35343639382D31362D31362C502D522D35343635382D31382D31392C502D522D34303034392D322D32392C502D522D33383330362D4331372D332C502D522D33343031392D342D332C77696E333264657669636563616E6172793A3534313438332C77696E333264657669636563616E6172793A3534313438332C502D582D313035313539312D312D352C502D582D313030373237342D332D31372C502D582D313030373237352D31332D34352C502D582D38353839362D312D31392C502D582D39313739302D312D352C502D582D313031343433312D312D372C502D582D3131363131352D312D392C502D582D3130373539352D312D352C502D582D36313130322D332D31312C502D582D35313236322D312D31312C502D582D35323539312D312D31312C502D582D39383636352D312D392C502D582D39383635352D312D352C502D582D38343436342D312D352C502D582D35343335382D312D372C502D582D35333937352D332D392C502D582D36393138392D312D372C502D582D35363237342D312D392C502D582D36333133342D312D372C502D582D35383637382D312D352C502D582D35353833322D312D362C502D582D35363134372D312D352C502D582D35363135342D312D352C502D582D35343231322D312D352C502D522D313535343133302D342D352C502D522D313535343132372D342D352C502D522D313535343132322D342D362C502D522D313037343833392D382D352C502D522D313037343430372D382D352C502D522D313037343033302D382D342C502D522D313037323332362D382D362C502D522D313036323835322D382D392C502D522D313035333236392D382D352C502D522D39353038322D382D352C502D522D39333937302D382D342C502D522D36393036352D312D332C502D522D35393139332D312D332C502D522D34353630392D31342D362C502D522D34353139372D322D362C502D522D34303938302D31382D31362C502D522D33393032392D352D31382C502D522D33353136352D322D372C502D522D32393830392D312D372C502D522D32363936382D332D392C502D522D31383432352D382D36322C502D522D31383432362D352D33302C502D522D31383432342D342D33342C502D442D313130393930372D342D31322C686E6C6162656C3A3630333036372C686E656469746F72733A3531383233342C356D696E31306D696E5F31306D696E6772616365706572696F643A3531373738392C66696C69733436363A3733363730322C66696D6F633234383A3139333439312C62657474657262726561646372756D62733A3439303833362C6669616C6C3139383A3439383838372C66696261633936373A3630383537312C66697465733231373A3136313436382C66697265663334363A33343532352C66696D6F633538393A32383937392C6772617068617069666F726F64656E61626C6564726F6C6C6F75743A3339343135362C6F6E656472697665636F6E76657267656E6365656E6C69676874656E6564726F6C6C6F75743A3135393033382C66696F6D693239333A3131383038312C6669656E613934373A33303633352C66697374613430373A36313032372C6669656E613930333A36353934342C66696461763236353A35353033352C66696361633834313A34393636342C6669656E613431353A33383738302C6669656E613439303A33343138312C72656D6F74656D6F76656465766963653A34323530302C6669656E613237363A34313030342C6669656E613338313A34393939372C502D582D313032303335332D312D372C502D522D313233363533302D382D322C502D522D313037383537312D31382D382C502D522D313034363334302D31382D31352C502D522D313033343131382D31382D32302C502D522D313032363335342D31382D32312C502D522D36313730372D33362D32382C502D522D35333534352D342D352C502D522D34393733362D362D32322C502D522D33303038352D312D392C502D522D32353135372D382D31342C502D522D32343336332D362D31332C502D522D31393831342D312D36322C502D522D31393031322D312D35372C666C656E613231343A3532363832342C666C656E613231343A3532363832342C502D582D313032343434382D312D332C30356269353338323A3430333333312C502D582D313035363435362D322D31312C502D582D313031383536342D332D392C502D582D313032303539372D312D372C502D582D313030393332392D312D372C502D582D313031313434322D312D31312C502D582D313031393633322D312D332C502D582D313031353535342D312D352C502D582D313031303331342D312D352C502D582D3130383336342D312D332C502D582D37373734322D312D352C502D582D38363339352D312D352C502D582D38343332312D312D352C502D582D35303232302D312D332C502D582D34393733302D312D332C502D522D313034333838352D362D362C502D522D313031343435322D382D382C502D522D36343834312D32322D31352C502D522D36333130302D32382D31302C502D522D35323033382D32382D31382C502D522D34303939302D31322D31352C502D522D33323734342D31342D31352C502D522D33323734312D33322D31362C502D522D32383735312D322D32302C69693435373531323A3434393137382C6272616B696E67736B703A3338383633312C6772616C743139333A3431313231352C6772616C743232323A3334353534372C67726766783930363A3432333930352C67723233343A3433343331362C6772736B693435353A3537383535332C67723331323A3631333334312C67723337303A3538333038372C677264656C3334373A3132373632382C67727376673936303A3435323639302C67727573653434343A3132343039312C67727573653438383A3537303335382C677269636F3430363A31393737372C502D582D3130353838392D312D352C32346139333336353A3134373734372C502D522D35303432392D31382D382C502D522D33363533392D31302D352C502D522D32343038342D312D31362C502D582D313535393535332D312D332C502D582D313034393232352D312D332C502D582D313033333336302D312D352C502D582D313033333335352D312D332C502D582D313031313137332D312D352C502D522D313537363838342D31332D31362C502D522D313434353932342D382D362C502D522D313130313038312D382D352C502D522D313037373631302D382D352C502D522D313032363534322D382D342C502D522D313032313732352D31382D35302C502D522D35333432312D32382D31342C502D522D34303437352D32382D32382C502D522D33353938352D31342D32332C502D522D33323030342D322D352C37613961633834303A3832363032392C39373935633332303A3335393832302C32646262623537393A3238363232352C69383364613438393A3338383033382C69643539323A3238383731342C502D582D38383033352D312D352C6C616C616E3233313A3134303738312C502D582D313237363530392D312D352C502D582D313033393636392D312D392C502D582D313035363637392D312D362C502D582D313031323534332D342D32352C502D582D3130333738362D312D332C502D522D313238303432352D31332D31372C502D522D36313234382D31382D372C502D522D35313939352D31382D32382C502D522D33323433382D31352D35352C69306437363937303A3539383638392C31343530373439353A3430363034302C6C6F6F705F6761726F6C6C6F75743A3431303034392C65663635393538383A3430343732312C6C656973753732343A3631303738342C502D582D313034343531342D322D372C502D582D313036313732332D322D352C502D582D313037363235322D312D362C502D582D313034393634392D322D352C502D582D313034373731352D322D372C502D582D313031343139352D342D31392C502D582D313032363133312D322D352C502D582D313032373931332D312D31312C502D582D313031373734352D382D31342C502D582D3130383634332D322D372C502D582D39353630352D322D332C502D522D313035383637352D382D342C502D522D313033363537362D342D342C502D522D39383131302D342D352C502D522D37393936332D312D322C502D522D36303831362D31302D31392C502D522D35313736342D312D342C502D522D34323339322D322D342C502D522D33393037332D312D352C70697063687962726964743A3333363236352C326766396A3631383A3336323439302C396A6734633839333A3335373434342C34676839653230353A3438333737382C363135316A3631333A3434373631392C67643868383735353A3331373939302C6A6A3035303832373A3234353136322C61306537323236393A3332323039342C37673633363833323A3236383639382C37366534673937353A3332343937392C67306864303232313A3435303335352C502D522D313132333337362D31302D31342C502D522D313030393835352D31322D31342C502D522D39383835362D31382D34382C502D522D313036313233392D382D362C502D522D34333438392D33302D31352C502D522D33383431302D31322D32332C502D582D313239313234362D322D332C502D582D313236343332372D312D392C502D582D313032313731342D322D352C502D582D313032373135362D312D372C502D582D313031323836352D312D352C502D582D313036313138302D322D372C502D582D313037313733392D312D332C502D582D313036363534362D312D31332C502D582D38393837382D312D352C502D582D313035303032352D312D31312C502D582D313035303636352D332D372C502D582D313034313735362D322D352C502D582D313032313432332D322D352C502D582D313031393538312D312D332C502D582D313030363137342D312D352C502D582D3131383230392D312D332C502D582D35313735392D312D332C502D522D313536353432382D322D332C502D522D313533343538302D382D322C502D522D313532363931352D382D332C502D522D313234393337302D342D352C502D522D313039343131352D342D342C502D522D313038393139322D362D352C502D522D313031373036362D342D352C502D522D3131373934312D342D342C502D522D35393533342D312D332C502D522D35343535372D312D332C63683337313137393A3630303339362C33326535613931333A3538333337322C64633031373739383A3533373631302C31323568373933353A3335313834372C6361726574706F736974696F6E6368616E6765643A3339343139362C38376A61613633343A3336383734362C3866316A663234323A3638313635382C62656C6F776F70656E646976696465723A3534323535372C6F6575696C3832303A3332363132342C726573706563746C6F6F707374796C653A3639313535392C6F65656E61626C656F73666964656E746974796D616E616765723A3434393931392C67623038643735323A3239323132322C65333931323438393A3338393436372C6F656D69633633393A3339373735332C6F65616C6C3834333A3337353838372C6F65666C753433343A3332313933392C6F656D61633335383A32303530322C726573706563746C6F6F707374796C653A3639313535392C502D522D37313336302D31382D31392C502D582D37363535352D312D332C6F6E6D61703336363A38313734302C502D442D313437363534302D312D332C502D442D313234383335302D332D332C502D442D313232303436342D392D352C502D442D313033303630312D332D332C502D442D313135373731372D312D332C502D442D313134393433362D312D332C502D442D313133313332392D362D372C502D442D313131303935362D342D332C502D442D313038343536352D332D332C502D442D313037333031342D352D332C502D442D313035393333322D322D342C502D442D313034323830332D322D342C502D442D313033373534312D372D362C502D442D313033333339312D322D342C502D442D313033313531322D312D332C502D442D313033313531302D312D332C502D442D313033313530392D312D332C502D442D313033313530382D312D332C502D442D313033313436302D312D332C502D442D313033313435362D322D342C502D442D313033313435352D312D332C502D442D313033313435342D312D332C502D442D313033313435332D312D332C502D442D313033313435322D312D332C502D442D313033313435312D312D332C502D442D313033313435302D312D332C502D442D313033313434392D312D332C502D442D313033313434382D312D332C502D442D313033313434372D312D332C502D442D313033313434362D312D332C502D442D313033313337332D312D332C502D442D313033313035302D342D332C502D442D313033313032322D312D332C502D442D313033313031382D312D332C502D442D313033313031322D312D332C502D442D313033303936342D312D332C502D442D313033303936332D312D332C502D442D313033303932362D312D332C502D442D313033303932332D322D332C502D442D313033303932322D322D332C502D442D31303330393230
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
Operation:	write	Name:	ChunkCount
Value: uint64_t\|0
(PID) Process:	(3788) OUTLOOK.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
Operation:	write	Name:	1.1
Value: 2D322D332C502D442D313033303931382D322D332C502D442D313033303931362D322D332C502D442D313033303931342D322D332C502D442D313033303931322D322D332C502D442D313033303931302D322D332C502D442D313033303930382D322D332C502D442D313033303930362D322D332C502D442D313033303930342D322D332C502D442D313033303930322D322D332C502D442D313033303930302D322D332C502D442D313033303839382D322D332C502D442D313033303839362D322D332C502D442D313033303839332D322D332C502D442D313033303839312D322D332C502D442D313033303838392D322D332C502D442D313033303838372D322D332C502D442D313033303838352D322D332C502D442D313033303838332D322D332C502D442D313033303838312D322D332C502D442D313033303837392D322D332C502D442D313033303837372D322D332C502D442D313033303837362D322D332C502D442D313033303837352D322D332C502D442D313033303837332D332D332C502D442D313033303837322D322D332C502D442D313033303837312D322D332C502D442D313033303837302D322D332C502D442D313033303836392D322D332C502D442D313033303836382D322D332C502D442D313033303836372D322D332C502D442D313033303836362D322D332C502D442D313033303836352D322D332C502D442D313033303836342D322D332C502D442D313033303836322D322D332C502D442D313033303836302D322D332C502D442D313033303835382D322D332C502D442D313033303835362D322D332C502D442D313033303835342D322D332C502D442D313033303835322D322D332C502D442D313033303835302D322D332C502D442D313033303834382D322D332C502D442D313033303834372D322D332C502D442D313033303834362D322D332C502D442D313033303834342D322D332C502D442D313033303834322D322D332C502D442D313033303834312D322D332C502D442D313033303834302D322D332C502D442D313033303833382D322D332C502D442D313033303833362D322D332C502D442D313033303833342D322D332C502D442D313033303833322D322D332C502D442D313033303833302D322D332C502D442D313033303832382D322D332C502D442D313033303832362D322D332C502D442D313033303832342D322D332C502D442D313033303832322D322D332C502D442D313033303831392D322D332C502D442D313033303831362D322D332C502D442D313033303831322D322D332C502D442D313033303831312D322D332C502D442D313033303831302D322D332C502D442D313033303830382D322D332C502D442D313033303830362D322D332C502D442D313033303830332D322D332C502D442D313033303830312D322D332C502D442D313033303830302D322D332C502D442D313033303739392D322D332C502D442D313033303739382D322D332C502D442D313033303739372D322D332C502D442D313033303739362D322D332C502D442D313033303739352D322D332C502D442D313033303739342D322D332C502D442D313033303739332D322D332C502D442D313033303739322D322D332C502D442D313033303739312D322D332C502D442D313033303738392D322D332C502D442D313033303738372D322D332C502D442D313033303738362D322D332C502D442D313033303738352D322D332C502D442D313033303738332D322D332C502D442D313033303738312D322D332C502D442D313033303737392D322D332C502D442D313033303737372D322D332C502D442D313033303737352D322D332C502D442D313033303737332D322D332C502D442D313033303737312D322D332C502D442D313033303736392D322D332C502D442D313033303736372D322D332C502D442D313033303736352D322D332C502D442D313033303736332D322D332C502D442D313033303736312D322D332C502D442D313033303736302D322D332C502D442D313033303735392D322D332C502D442D313033303735382D322D332C502D442D313033303735372D322D332C502D442D313033303735362D322D332C502D442D313033303735352D322D332C502D442D313033303735332D322D332C502D442D313033303735312D322D332C502D442D313033303734392D322D332C502D442D313033303734372D322D332C502D442D313033303734352D322D332C502D442D313033303734332D322D332C502D442D313033303734302D332D332C502D442D313033303733382D322D332C502D442D313033303733372D322D332C502D442D313033303733362D322D332C502D442D313033303733342D322D332C502D442D313033303733322D322D332C502D442D313033303733302D322D332C502D442D313033303732382D322D332C502D442D313033303732362D322D332C502D442D313033303732342D322D332C502D442D313033303732322D322D332C502D442D313033303731392D322D332C502D442D313033303731372D322D332C502D442D313033303731352D322D332C502D442D313033303731332D322D332C502D442D313033303731322D322D332C502D442D313033303731312D322D332C502D442D313033303730392D322D332C502D442D313033303730382D322D332C502D442D313033303730372D322D332C502D442D313033303730362D322D332C502D442D313033303730352D322D332C502D442D313033303730342D322D332C502D442D313033303730332D322D332C502D442D313033303730322D322D332C502D442D313033303730312D322D332C502D442D313033303639392D322D332C502D442D313033303639372D322D332C502D442D313033303639362D322D332C502D442D313033303639352D322D332C502D442D313033303639332D322D332C502D442D313033303639312D322D332C502D442D313033303639302D322D332C502D442D313033303638392D322D332C502D442D313033303638372D322D332C502D442D313033303638352D322D332C502D442D313033303638332D322D332C502D442D313033303638312D322D332C502D442D313033303637392D322D332C502D442D313033303637372D322D332C502D442D313033303637352D322D332C502D442D313033303637332D322D332C502D442D313033303637312D322D332C502D442D313033303636392D322D332C502D442D313033303636382D322D332C502D442D313033303636352D322D332C502D442D313033303636342D322D332C502D442D313033303636332D322D332C502D442D313033303636312D322D332C502D442D313033303635392D322D332C502D442D313033303635362D312D332C502D442D313033303634392D312D332C502D442D313033303634322D31322D382C502D442D313033303633332D312D332C502D442D313033303632382D322D342C502D442D313033303539322D312D332C502D442D313033303534372D322D342C502D442D313033303534352D312D332C502D442D313033303534322D312D332C502D442D313033303438352D312D332C502D442D313032393530362D322D332C502D442D313032393530352D312D332C502D442D313032393434362D312D332C502D442D313032393434352D312D332C502D442D313032393434342D312D332C502D442D313032393434332D312D332C502D442D313032393434322D312D332C502D442D313032393434312D312D332C502D442D313032393434302D312D332C502D442D313032393433372D312D332C502D442D313032393433312D312D332C502D442D313032393433302D312D332C502D442D313032393432382D312D332C502D442D313032393432362D312D332C502D442D313032393432352D312D332C502D442D313032393432342D312D332C502D442D313032393432302D312D332C502D442D313032393431392D312D332C502D442D313032393431362D312D332C502D442D313032393431352D312D332C502D442D313032393431342D312D332C502D442D313032393431332D322D342C502D442D313032393431322D322D342C502D442D313032393431312D312D332C502D442D313032393430392D312D332C502D442D313032393430382D312D332C502D442D313032393430322D312D332C502D442D313032393430312D312D332C502D442D313032393430302D312D332C502D442D313032393339392D312D332C502D442D313032393339362D312D332C502D442D313032393339352D312D332C502D442D313032393339342D312D332C502D442D313032393339332D312D332C502D442D313032393339322D312D332C502D442D313032393339312D312D332C502D442D313032393339302D312D332C502D442D313032393338392D312D332C502D442D313032393338382D312D332C502D442D313032393338372D312D332C502D442D313032393338362D312D332C502D442D313032393338352D312D332C502D442D313032393338342D312D332C502D442D313032393338332D312D332C502D442D313032393338322D312D332C502D442D313032393338312D312D332C502D442D313032393338302D322D342C502D442D313032393337372D312D332C502D442D313032393337362D312D332C502D442D313032393337352D312D332C502D442D313032393337342D312D332C502D442D313032393337322D312D332C502D442D313032393337312D312D332C502D442D313032393337302D312D332C502D442D313032393336392D312D332C502D442D313032393336372D312D332C502D442D313032393336362D312D332C502D442D313032393336352D312D332C502D442D313032393336342D312D332C502D442D313032393336302D312D332C502D442D313032393335392D312D332C502D442D313032393335382D312D332C502D442D313032393335372D312D332C502D442D313032393335362D312D332C502D442D313032393335342D312D332C502D442D313032393335322D312D332C502D442D313032393335312D312D332C502D442D313032393335302D312D332C502D442D313032393334392D312D332C502D442D313032393334382D312D332C502D442D313032393334372D312D332C502D442D313032393334362D312D332C502D442D313032393334312D312D332C502D442D313032393333392D312D332C502D442D313032393333382D312D332C502D442D313032393333322D312D332C502D442D313032393333312D312D332C502D442D313032393333302D312D332C502D442D313032393332392D312D332C502D442D313032393332382D312D332C502D442D313032393332372D312D332C502D442D313032393332352D312D332C502D442D313032393332342D312D332C502D442D313032393332332D312D332C502D442D313032393332302D312D332C502D442D313032393331392D312D332C502D442D313032393331382D312D332C502D442D313032393331372D312D332C502D442D313032393331362D312D332C502D442D313032393331322D312D332C502D442D313032393331312D312D332C502D442D313032393331302D312D332C502D442D313032393330392D312D332C502D442D313032393330352D312D332C502D442D313032393330342D312D332C502D442D313032393330332D312D332C502D442D313032393330302D312D332C502D442D313032393239392D312D332C502D442D313032393239382D312D332C502D442D313032393239372D312D332C502D442D313032393239362D312D332C502D442D313032393239352D312D332C502D442D313032393239332D322D332C502D442D313032393238392D31362D342C502D442D313032393237362D312D332C502D442D313032393237352D312D332C502D442D313032393237322D312D332C502D442D313032393237302D312D332C502D442D313032393236372D362D342C502D442D313032393235302D312D332C502D442D313032393234332D312D332C502D442D313032393233382D312D332C502D442D313032393233372D312D332C502D442D313032393233342D312D332C502D442D313032393230352D312D332C502D442D313032393230332D312D332C502D442D313032393134382D332D342C502D442D313032393133372D312D332C502D442D313032393039372D322D332C502D442D313032393039362D322D332C502D442D313032393039332D322D332C502D442D313032393039322D322D332C502D442D313032393039312D322D332C502D442D313032393039302D322D332C502D442D313032393038362D312D332C502D442D313032393038302D382D352C502D442D313032393037382D312D332C502D442D313032393037372D312D332C502D442D313032393037352D372D342C502D442D313032393036352D312D332C502D442D313032383937342D312D332C502D442D313032383935362D332D342C502D442D313032383837342D312D332C502D442D3130343131332D342D362C502D442D3130333938352D332D352C502D582D313034333136302D312D31332C502D582D313033373736392D312D372C502D582D313035353134302D312D392C502D582D313032353538312D312D372C502D582D39393239342D312D31352C502D582D39353831382D312D372C502D582D313032363730362D322D352C502D582D36373436312D312D372C502D582D313030303935322D312D31332C502D582D313035353639322D332D33322C502D582D313034343238342D312D352C502D582D313031363834372D312D372C502D582D313033373837312D322D392C502D582D3131323435312D332D31372C502D582D313031393538372D312D372C502D582D313032363130342D322D372C502D582D313031363236302D312D352C502D582D313032333334322D312D352C502D582D313032303934342D312D372C502D582D313031363832382D312D372C502D582D313031353837322D312D352C502D582D313031303733352D312D352C502D582D313031303533372D312D332C502D582D39343034372D312D392C502D582D313030323635382D312D372C502D582D3130383132342D312D352C502D582D38333332362D312D352C502D582D38373237342D312D31372C502D582D39393430312D312D352C502D582D38393032322D312D372C502D582D38383139332D312D31352C502D522D313134303733382D382D31302C502D522D313039373033302D362D372C502D522D313038363231382D362D382C502D522D313038333231352D362D382C502D522D313037333138382D362D31302C502D522D313037323838372D362D31302C502D522D313033353939342D362D392C502D522D313036323838302D362D372C502D522D313036323234302D362D382C502D522D313034383338392D362D382C502D522D313034363235362D342D382C502D522D37323236322D362D31322C502D522D35353031342D32302D31322C502D522D35343832362D32302D33322C502D522D35323939302D32302D32352C502D522D34303431392D4331392D37322C502D522D33363435322D32302D34322C502D522D33353438322D31322D31302C502D522D33353234302D34342D38362C502D522D33333339392D31322D31302C502D522D31383636322D362D33382C64393467633535363A3439303438392C30373063323631393A3339353330322C72656D696E646572736175746F6469736D6973737465616368696E6763616C6C6F75743432303A3339373831302C30623632313636353A3435313930372C7365617263685F73756767657374696F6E735F626573746D617463683A3437313738312C6F75656E613330333A3430303333382C67313031693931343A3332363333372C6F756F70783539333A3332373234352C6F753533363A3332373935322C67313267383938343A3339353239302C35636362693937333A3530383838352C6D6F6E6172636873657474696E67733A3431343733302C6A373338693937333A3339393332342C61637469766974657265616374696F6E73736B696E746F6E653A3431313738372C6F756F70783438333A3430313037382C6A3661656A3431353A3430313039302C6F757361663734373A3332343333342C39643633383734303A3332363935362C6F756875626C6173746368616E636563616C6C6F75743A3337343638382C736561726368737570706F727477696E646F7773696E646578696E677468726F74746C696E673A3332343432332C6F753430353A3332373236322C6F756164643538333A3332333937312C6F757365743532313A3430353631382C6F75636F6D3235373A3338383138372C6F756167613938363A3332363935342C6469616770616E65776562766965773A3332363337322C6F757365613937333A3332333836322C6F757365613830353A3332343934332C696E737472756D656E746174696F6E616E64616E73776572733A3332363939362C6174746163686D656E74746967687473706163696E673A3431363032352C6F756F70783331393A3332363731392C502D582D313035323931302D312D332C502D582D313032303532392D312D332C502D522D313031363533392D382D352C502D522D38323437332D312D342C502D522D35363631382D312D332C31393167353730353A3433333136302C7065696E703639343A3234363834392C502D582D38323337372D312D332C502D522D33333639362D312D352C656E61626C65616C776179736F6E726566726573683A3231383034362C502D522D33393931322D312D322C502D522D35303338302D31382D31382C502D582D3131353136362D312D332C70753436393A3433343439332C502D582D313032373334312D322D352C502D582D313034383034362D312D332C502D582D313034353236392D312D352C502D582D313034313335352D312D352C502D582D313034353035392D312D332C502D582D313034343238362D312D352C502D582D313030303536392D362D31392C502D582D313033383038312D322D352C502D582D313031383131372D312D352C502D582D37303330322D312D372C502D582D313032313138372D312D332C502D582D313031353532362D312D352C502D582D3131373734302D312D332C502D582D37313237382D352D31372C502D522D313038383737372D382D352C502D522D313038313636382D382D342C502D522D313037353133352D382D352C502D522D313037343337322D342D352C502D522D313037343037372D342D352C502D522D313036343135392D382D382C502D522D313034303537392D32362D31372C502D522D313033383632392D382D352C502D522D36333333382D31382D31312C502D522D35383235312D31382D31322C502D522D33333733372D312D342C6A636765643937303A3336353634322C38663966623737313A3339363938322C38623061313234353A3435343833312C66393935643630373A3334363839312C36366568313330383A3334353931382C33666831623238333A3338333636362C68693536673538353A3336383031332C65303931363830323A3439303739312C6A757374696669636174696F6E6F746865727769746873656375726974797761726E696E673A3435313233342C73656175743933393A3539363937312C33363832333632363A3532363433392C736566673833383A3334363836392C677261706869637366696C74657265787472616C6F636B646F776E3A3439363034382C73656175743232323A3130353133372C502D582D37383534352D312D352C502D582D313033363639312D322D31332C502D582D3131

Add for printing

Executable files

Suspicious files

187

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
3788	OUTLOOK.EXE	C:\Users\admin\Documents\Outlook Files\Outlook1.pst		—
		MD5:—	SHA256:—
3788	OUTLOOK.EXE	C:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres		binary
		MD5:557D749AEC088076955986A3DD5E8B41	SHA256:A6144377ED2290325B26366C329B424339DDB9E26B947AA0D98FBF363DC0A7FE
3788	OUTLOOK.EXE	C:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin		text
		MD5:CC90D669144261B198DEAD45AA266572	SHA256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
3788	OUTLOOK.EXE	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\VTETB37E\Compensation_Statement2025.pdf		pdf
		MD5:69A99F1D25953CAC5CAB53737DC36F1E	SHA256:8DC8DCEE1393E595CCFA1351A504E78E3A38C344858E277013469682B6804A63
8176	Acrobat.exe	C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json		binary
		MD5:837C1211E392A24D64C670DC10E8DA1B	SHA256:8013AC030684B86D754BBFBAB8A9CEC20CAA4DD9C03022715FF353DC10E14031
3788	OUTLOOK.EXE	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\VTETB37E\Compensation_Statement2025.pdf:Zone.Identifier		text
		MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B	SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
3788	OUTLOOK.EXE	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\VTETB37E\Compensation_Statement2025 (002).pdf:Zone.Identifier		text
		MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B	SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
8176	Acrobat.exe	C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.1.20093.6 2025-08-01 05-16-32-457.log		text
		MD5:460C6041966002D8384A18C895A65EB0	SHA256:C83EC6E8FB3EC62481289C033238C1D9B08DB8076EAAD304099FD7A7F594F1B9
8176	Acrobat.exe	C:\Users\admin\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt		text
		MD5:EEA527719FE5B4CB3ACCE63CF83570DF	SHA256:0C7AC12B8E33A8A19C6FF0D2711805E3C6A000AD3B243BA345207E7BC1067AA9
3788	OUTLOOK.EXE	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\VTETB37E\Compensation_Statement2025 (002).pdf		pdf
		MD5:69A99F1D25953CAC5CAB53737DC36F1E	SHA256:8DC8DCEE1393E595CCFA1351A504E78E3A38C344858E277013469682B6804A63

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2064	svchost.exe	GET	200	184.30.131.245:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
1268	svchost.exe	GET	200	2.16.241.12:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
1268	svchost.exe	GET	200	23.3.109.244:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
3788	OUTLOOK.EXE	GET	200	184.30.131.245:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	whitelisted
1588	SIHClient.exe	GET	200	23.3.109.244:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
1588	SIHClient.exe	GET	200	23.3.109.244:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
2940	svchost.exe	GET	200	23.3.109.48:80	http://x1.c.lencr.org/	unknown	—	—	whitelisted
8084	Acrobat.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
5944	MoUsoCoreWorker.exe	20.44.239.154:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	SG	whitelisted
1268	svchost.exe	20.44.239.154:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	SG	whitelisted
828	RUXIMICS.exe	20.44.239.154:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	SG	whitelisted
3788	OUTLOOK.EXE	52.123.128.14:443	ecs.office.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
3788	OUTLOOK.EXE	23.213.161.11:443	omex.cdn.office.net	Akamai International B.V.	DE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
3788	OUTLOOK.EXE	52.111.231.8:443	messaging.lifecycle.office.com	MICROSOFT-CORP-MSN-AS-BLOCK	FR	whitelisted
3788	OUTLOOK.EXE	172.187.61.142:443	nleditor.osi.office.net	MICROSOFT-CORP-MSN-AS-BLOCK	FR	whitelisted
2064	svchost.exe	20.190.160.130:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	20.44.239.154 20.73.194.208 51.104.136.2 40.127.240.158	whitelisted
google.com	142.250.186.110	whitelisted
ecs.office.com	52.123.128.14 52.123.129.14	whitelisted
omex.cdn.office.net	23.213.161.11 23.213.161.31	whitelisted
messaging.lifecycle.office.com	52.111.231.8	whitelisted
nleditor.osi.office.net	172.187.61.142	whitelisted
login.live.com	20.190.160.130 40.126.32.138 40.126.32.68 20.190.160.64 20.190.160.3 20.190.160.67 20.190.160.66 40.126.32.134	whitelisted
ocsp.digicert.com	184.30.131.245 2.17.190.73	whitelisted
odc.officeapps.live.com	52.109.28.48	whitelisted
crl.microsoft.com	2.16.241.12 2.16.241.14	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

phish_alert_sp2_2.0.0.0 (70).eml

02C2874164436E64ADAF02309C8AA405

B452F61F590313B0EE83F4848D15D239EAB0355B

8CE7D788855CE9D97FB5B47A02F3040DCBA8764BF23DE31EEB324957E9F32A3E

1536:TymMnzjLiyyGD0lS7HVFvauUmf732wBRnZE/PYPE7p9oZoHZlR0qhj:mbXL0GDP7qwubpfHZt

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Suspicious URL found

QR code contains URL with email

Phishing has been detected

SUSPICIOUS

QR code with Mixed Case Domain (Potential Phishing)

INFO

Reads security settings of Internet Explorer

Reads Microsoft Office registry keys

Application launched itself

Checks proxy server information

Reads the software policy settings

Malware configuration

Static information

TRiD

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings