Windows Analysis Report
https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com

Overview

General Information

Sample URL: https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com
Analysis ID: 1329279

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries memory information (via WMI often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Creates files inside the system directory
Stores large binary data to the registry
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • chrome.exe (PID: 5256 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 --field-trial-handle=2568,i,15340604483085259944,7161964218313129483,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • lync.exe (PID: 3040 cmdline: C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" "sip:1124166264.rsm@m.webex.com MD5: EA37BE9C3560062AAD02B73D64B6E427)
      • lynchtmlconv.exe (PID: 5876 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\lynchtmlconv.exe" MD5: 6AEAD656E50BC1B6E9BEA527187B5624)
  • chrome.exe (PID: 6392 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • lync.exe (PID: 712 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey MD5: EA37BE9C3560062AAD02B73D64B6E427)
  • lync.exe (PID: 404 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey MD5: EA37BE9C3560062AAD02B73D64B6E427)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com; HTTP Parser: No favicon
Source: unknown; HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49703 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.126.62.132:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\Uc.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\ocimport.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\Psom.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\UccApi.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\lync.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\ocrec.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\jb3\target\x86\ship\lync\x-none\Win32MsgQueue.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\LyncDesktopViewModel.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: unknown; TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown; TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown; TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://make.powerautomate.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://management.azure.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://management.azure.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://messaging.action.office.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://messaging.engagement.office.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://messaging.office.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://ncus.contentsync.
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://ncus.pagecontentsync.
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://officeapps.live.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://onedrive.live.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://otelrules.azureedge.net
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://outlook.office.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://outlook.office.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://outlook.office365.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://outlook.office365.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://powerlift.acompli.net
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: chromecache_60.2.drString found in binary or memory: https://pricing.webex.com/
Source: chromecache_60.2.drString found in binary or memory: https://pricing.webex.com/us/en
Source: chromecache_60.2.drString found in binary or memory: https://pricing.webex.com/us/en/
Source: chromecache_60.2.drString found in binary or memory: https://pricing.webex.com/us/en/hybrid-work/meetings/?utm_medium=website&utm_source=wdc&utm_campaign
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://res.cdn.office.net
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: chromecache_60.2.drString found in binary or memory: https://schema.org
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://settings.outlook.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://shell.suite.office.com:1443
Source: chromecache_60.2.drString found in binary or memory: https://signin.webex.com
Source: chromecache_60.2.drString found in binary or memory: https://signin.webex.com/join
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://staging.cortana.ai
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://substrate.office.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://tasks.office.com
Source: chromecache_60.2.drString found in binary or memory: https://twitter.com/webex
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: chromecache_60.2.drString found in binary or memory: https://use.webex.com/contact-sales?lang=en&locale=US
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: chromecache_60.2.drString found in binary or memory: https://vidcast.io/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: chromecache_60.2.drString found in binary or memory: https://webexahead.webex.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://webshell.suite.office.com
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://wus2.contentsync.
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: chromecache_60.2.drString found in binary or memory: https://www.cisco.com/c/dam/cdc/t/ctm-core.js
Source: chromecache_60.2.drString found in binary or memory: https://www.cisco.com/c/dam/cdc/t/ctm.js
Source: chromecache_60.2.drString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: chromecache_60.2.drString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/terms-conditions.html
Source: chromecache_60.2.drString found in binary or memory: https://www.cisco.com/c/en/us/solutions/collaboration/index.html#~stickynav=1
Source: chromecache_60.2.drString found in binary or memory: https://www.cisco.com/web/siteassets/legal/trademark.html
Source: chromecache_60.2.drString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-JX5PZRZSGR
Source: chromecache_60.2.drString found in binary or memory: https://www.instagram.com/webex/
Source: chromecache_60.2.drString found in binary or memory: https://www.linkedin.com/company/webex
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://www.odwebp.svc.ms
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/#website
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/collaboration-devices.html
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/company/careers.html
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/company/webex-leap.html
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/contact-sales.html
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/contact-sales.html?locale=US
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/content/dam/wbx/global/images/webex-favicon.png
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/content/dam/wbx/us/images/rebrand/Home-Fallback-V2-16_9.png
Source: chromecache_60.2.drString found in binary or memory: https://www.webex.com/downloads.html
Source: chromecache_60.2.drString found in binary or memory: https://www.webexmerchstore.com/
Source: 480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drString found in binary or memory: https://www.yammer.com
Source: chromecache_60.2.drString found in binary or memory: https://www.youtube.com/c/webex
Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: 1P_JAR=2023-10-05-06; NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-117.0.5938.134
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /ajax/libs/dompurify/2.3.1/purify.min.js HTTP/1.1
    Host: cdnjs.cloudflare.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.webex.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=R3YYkFgbftNNmRH&MD=FDvSN7GY HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=R3YYkFgbftNNmRH&MD=FDvSN7GY HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: unknown | HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.126.62.132:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | Section loaded: isolatedwindowsenvironmentutils.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_BITS_5256_1448178316
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 --field-trial-handle=2568,i,15340604483085259944,7161964218313129483,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" "sip:1124166264.rsm@m.webex.com
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconv.exe "C:\Program Files (x86)\Microsoft Office\Root\Office16\lynchtmlconv.exe"
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\Office Communicator_
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\MicrosoftOfficeCommunicatorSharedMemoryAccess
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\Lync
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | File created: C:\Users\user\AppData\Local\Temp\{49D21906-A29C-43E1-A511-89FF0F2FC42E} - OProcSessId.dat
Source: classification engine | Classification label: mal52.evad.win@24/24@10/6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\Uc.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\ocimport.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\Psom.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\UccApi.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\lync.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\ocrec.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\jb3\target\x86\ship\lync\x-none\Win32MsgQueue.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\lync\x-none\LyncDesktopViewModel.pdb source: Lync-16.0.16827.20130-Office-x86ship-U.etl.5.dr
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Lync
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LyncJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\lync\ConfigContextData 1Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory WHERE Tag='Physical Memory 0'
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE DeviceID LIKE '%PHYSICALDRIVE0%'
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconv.exe "C:\Program Files (x86)\Microsoft Office\Root\Office16\lynchtmlconv.exe"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
  • Execution: 31 Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows); Cron
  • Persistence: 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Logon Script (Windows); Logon Script (Mac); Network Logon Script
  • Privilege Escalation: 11 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Logon Script (Mac); Network Logon Script
  • Defense Evasion: 11 Masquerading; 1 Modify Registry; 211 Virtualization/Sandbox Evasion; 11 Process Injection; 1 DLL Side-Loading
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
  • Discovery: 31 Security Software Discovery; 211 Virtualization/Sandbox Evasion; 1 File and Directory Discovery; 121 System Information Discovery; Remote System Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits
  • Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
  • Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings
Behavior Graph (figure): ID: 1329279, URL: https://www.webex.com/mstea..., Startdate: 20/10/2023, Architecture: WINDOWS, Score: 52. Process nodes: chrome.exe, lync.exe, lynchtmlconv.exe.

Source | Detection | Scanner | Label | Link
https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com | 0% | Avira URL Cloud | safe |
https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com | 1% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://cdn.entity. | 0% | URL Reputation | safe |
https://rpsticket.partnerservices.getmicrosoftkey.com | 0% | URL Reputation | safe |
https://api.aadrm.com/ | 0% | URL Reputation | safe |
https://res.getmicrosoftkey.com/api/redemptionevents | 0% | URL Reputation | safe |
https://officeci.azurewebsites.net/api/ | 0% | URL Reputation | safe |
https://my.microsoftpersonalcontent.com | 0% | URL Reputation | safe |
https://store.office.cn/addinstemplate | 0% | URL Reputation | safe |
https://www.odwebp.svc.ms | 0% | URL Reputation | safe |
https://api.addins.store.officeppe.com/addinstemplate | 0% | URL Reputation | safe |
https://ncus.contentsync. | 0% | URL Reputation | safe |
https://wus2.contentsync. | 0% | URL Reputation | safe |
https://skyapi.live.net/Activity/ | 0% | URL Reputation | safe |
https://api.cortana.ai | 0% | URL Reputation | safe |
https://staging.cortana.ai | 0% | URL Reputation | safe |
https://d.docs.live.net | 0% | Avira URL Cloud | safe |
https://vidcast.io/ | 0% | Avira URL Cloud | safe |
https://d.docs.live.net | 0% | Virustotal | | Browse
https://vidcast.io/ | 0% | Virustotal | | Browse


Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 172.253.62.84 | true | false | | high
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
www.google.com | 142.251.111.104 | true | false | | high
clients.l.google.com | 172.253.115.113 | true | false | | high
www.webex.com | unknown | unknown | false | | high
clients2.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com | false | | high
https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.1/purify.min.js | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
                                                                                                                                                  unknown
                                                                                                                                                  https://www.webex.com/contact-sales.htmlchromecache_60.2.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://cpaas.webex.com/chromecache_60.2.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://api.cortana.ai480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://www.webex.com/company/webex-leap.htmlchromecache_60.2.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.webex.com/contact-sales.html?locale=USchromecache_60.2.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://messaging.action.office.com/setcampaignaction480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://visio.uservoice.com/forums/368202-visio-on-devices480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://staging.cortana.ai480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://onedrive.live.com/embed?480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://augloop.office.com480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.cisco.com/c/en/us/about/legal/privacy-full.htmlchromecache_60.2.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.webex.com/downloads.htmlchromecache_60.2.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.linkedin.com/company/webexchromecache_60.2.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://api.diagnosticssdf.office.com/v2/file480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://twitter.com/webexchromecache_60.2.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://use.webex.com/contact-sales?lang=en&locale=USchromecache_60.2.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://api.diagnostics.office.com480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://hardware.webex.com/products/desk-serieschromecache_60.2.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.office.de/addinstemplate480BCA8B-1937-4BA2-8D2E-A99264AE8838.5.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                      • 75% < No. of IPs
IP               Domain                Country        ASN      ASN Name         Malicious
172.253.62.84    accounts.google.com   United States  15169    GOOGLEUS         false
142.251.111.104  www.google.com        United States  15169    GOOGLEUS         false
239.255.255.250  unknown               Reserved       unknown  unknown          false
172.253.115.113  clients.l.google.com  United States  15169    GOOGLEUS         false
104.17.25.14     cdnjs.cloudflare.com  United States  13335    CLOUDFLARENETUS  false
                                                                                                                                                                                      IP
                                                                                                                                                                                      192.168.2.6
                                                                                                                                                                                      Joe Sandbox Version:38.0.0 Ammolite
                                                                                                                                                                                      Analysis ID:1329279
                                                                                                                                                                                      Start date and time:2023-10-20 14:54:30 +02:00
                                                                                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                                                                                      Overall analysis duration:0h 3m 12s
                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                      Report type:full
                                                                                                                                                                                      Cookbook file name:browseurl.jbs
                                                                                                                                                                                      Sample URL:https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com
                                                                                                                                                                                      Analysis system description:Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                      Number of analysed new started processes analysed:15
                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                      Technologies:
                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                      Classification:mal52.evad.win@24/24@10/6
                                                                                                                                                                                      EGA Information:Failed
                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                      • Number of executed functions: 0
                                                                                                                                                                                      • Number of non-executed functions: 0
                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                      • Browse: sip:1124166264.rsm@m.webex.com
                                                                                                                                                                                      • Browse: sip:rsm@m.webex.com
                                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe, MavInject32.exe
                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 172.253.115.94, 34.104.35.123, 23.66.225.58, 192.229.211.108, 69.164.0.128, 52.109.20.38, 52.113.194.132, 20.42.73.24, 8.253.45.214, 142.251.167.94
                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdeus03.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, clientservices.googleapis.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, e119.dsca.akamaiedge.net, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, update.googleapis.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, all-www.webex.com.edgekey.net
                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtSetValueKey calls found.
Time      Type       Description
14:55:52  Autostart  Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Lync "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey
14:56:00  Autostart  Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Lync "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey
                                                                                                                                                                                      No context
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                      Entropy (8bit):0.12040748423970622
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:12:9HSWj2xX/7Ez7UnEZQ1olHWZkR871nEo/xDWZS+:dFchEeiCB79Ek0T
                                                                                                                                                                                      MD5:A9694F29B50036962D088117DECEAD8F
                                                                                                                                                                                      SHA1:258260196171479CF9142F1E5E8766C479C64E28
                                                                                                                                                                                      SHA-256:C78960D816F33A256C071A0E6CC52D87DF860126456311DD09DE370A74F0703A
                                                                                                                                                                                      SHA-512:DBD7A12F5514C19DD5E89658FEEC10E8F4C9AE39FF66F542B4C032EEBA0F387634F0792ECDB349B3D3082515A04D9753FC0277D038B936AF4B990FDC44DB1EA4
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):1869
                                                                                                                                                                                      Entropy (8bit):5.072015848279132
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:48:cG3/IdnzyBedyrZ+nzyCsSynyJdyr5dnzyVLdyi4kSyrfznzy72dysOASyMadSyO:Yd2sEY2jbkEH2ZEgbn26ENAb5dbO
                                                                                                                                                                                      MD5:6A37E1B523322B2FB76DFA339D488006
                                                                                                                                                                                      SHA1:1D95B58CBF42AFFAC6884A3772B622630A3045E7
                                                                                                                                                                                      SHA-256:4B80B35E8DCBA478A10FA7E05103017B79F3E23533921F79FAED7051DEA7E1BE
                                                                                                                                                                                      SHA-512:591D1660E23EE9D3EEE3A9E7C3C45A0399A50E42B5491C530064FA4C4E4FEDF58E7494ACFC2DD3B781B81D2D7DF98903957BC1A17FC6E952F51FD48221060564
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-20T12:56:10Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_26215680</Id><LAT>2023-10-20T12:56:10Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-20T12:56:10Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-20T12:56:10Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_26215682</Id><LAT>2023-10-20T12:56:10Z</LAT><key>31169036496.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-20T12:56:10Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Apto
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                      Entropy (8bit):4.59765480084879
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3072:75f0Zk03Atot1vhzC0C5Z3S6dXHtPA0PY76v/Im0EA+7x+VFt:lJo
                                                                                                                                                                                      MD5:D7D085ED9DB8A2CDC276B6BE96A98052
                                                                                                                                                                                      SHA1:4FA87F3FFAC3EE36990BA5B49ECCDA0B0DAD5796
                                                                                                                                                                                      SHA-256:54D96EC35ED92B1E56C3BBAA5D1EFEAAA3BD4913692D35D565FD5C865DB936E1
                                                                                                                                                                                      SHA-512:A4B852F97081F4C297DC781D9A753AA14FDAD453EDA51C4DFCA603DDF0C8BFDDED417AF1A6DA571E74194BB04BA4442880A58916563E84B4CE641C3D16B1A6AD
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):602
                                                                                                                                                                                      Entropy (8bit):3.451426846316992
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:6:MKONbgH4+/ovovOVCC8hHWLsZuwg+HyAHHGHIvovdBNbgH4+/Qt2z6+Ow:M7F+/owXC8h2Q0DKTHHoIwxF+/GG6+v
                                                                                                                                                                                      MD5:3B07E3C06A2EE4389F33BB49EE221423
                                                                                                                                                                                      SHA1:72D820F291FE4F28EB6044F7211FFFE3D68E12ED
                                                                                                                                                                                      SHA-256:561ED645F90692B3431E47FCCCEE4886A2AA422207AE09EA23FA40C393652CFD
                                                                                                                                                                                      SHA-512:F02703C6BD9295B0AFAC04960BE62FEFFAC96F0E0F4FD8B51DCCF8024E428472663E8B0972A87A59C2BD66943B8C94BF21A983F6BB2AFA84745A34EC4F9FCD63
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:10/20/2023|14:55:50.254 BE0:A94 INFO :: ********************************************************************************..********************************************************************************..####### module=AppSharingMediaProvider flavor=fre version=16.0.16827.20014 ######..####### branch=UNKNOWN architecture=X86 ######..************************************************************************************************************************..****************************************....10/20/2023|14:55:50.254 BE0:A94 INFO :: CAppsharingMediaProvider::StartLogging: tracing enabled..
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                      Category:modified
                                                                                                                                                                                      Size (bytes):2182
                                                                                                                                                                                      Entropy (8bit):5.207638001251885
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:48:2CGgLopxoX0P76ZM7jcoXcpbjmmpbjmVpbjm6p29pGTEct/hxw:2lgMp6X0PGO7BXcpbqmpbqVpbq6p29pp
                                                                                                                                                                                      MD5:746D88411C1A4F098E52E2F48A1531D8
                                                                                                                                                                                      SHA1:A10E69B0BA682921F4698E26BF64D2D3BB4195C4
                                                                                                                                                                                      SHA-256:3717FDE43239D9D4483B7A9030D346491457AE6D09C998E6B4B03794532B1D6A
                                                                                                                                                                                      SHA-512:FA91A5B3AC0AD2EC9777292B412A17A654802A4C1A9F51AFBB39A69310C64E5829D90EEEDAC89701E999F0140752212C4812539E6E29769FC3C250C13925C6EA
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:10/20/2023|14:55:50.301 BE0:A94 INFO :: ********************************************************************************..********************************************************************************..####### module=UccApi flavor=fre version=16.0.16827.20014 ######..####### branch=UNKNOWN architecture=X86 ######..************************************************************************************************************************..****************************************....10/20/2023|14:55:50.301 BE0:A94 INFO :: CUccPlatform::EnableTracing: tracing enabled..10/20/2023|14:55:52.798 BE0:A94 INFO :: Crop=2 ..10/20/2023|14:55:52.876 BE0:A94 INFO :: ProductID = 0 and VendorID = 0, device is not in the unsupported list...10/20/2023|14:55:52.876 BE0:A94 INFO :: Function: CMediaDevice::InternalQueryDeviceLocation..10/20/2023|14:55:52.876 BE0:A94 ERROR :: HRESULT failed: 80070032 = hr . failed to get device property MM_DP_LOCATION..10/20/2023|14:55:52.876 BE0:A94 WARN :: The video
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                      Entropy (8bit):0.12040748423970622
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:12:9HSWj2xX/7Ez7UnEZQ1olHWZkR871nEo/xDWZS+:dFchEeiCB79Ek0T
                                                                                                                                                                                      MD5:A9694F29B50036962D088117DECEAD8F
                                                                                                                                                                                      SHA1:258260196171479CF9142F1E5E8766C479C64E28
                                                                                                                                                                                      SHA-256:C78960D816F33A256C071A0E6CC52D87DF860126456311DD09DE370A74F0703A
                                                                                                                                                                                      SHA-512:DBD7A12F5514C19DD5E89658FEEC10E8F4C9AE39FF66F542B4C032EEBA0F387634F0792ECDB349B3D3082515A04D9753FC0277D038B936AF4B990FDC44DB1EA4
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                      Entropy (8bit):0.6927284670058608
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:12:ENj2xX/7EzrVvWQ1olHWZkR8hlWY/3cQn:scGXiCBhlWosQ
                                                                                                                                                                                      MD5:3E66B430FC22D9346C008294EBB1A8AE
                                                                                                                                                                                      SHA1:1324D1B5BB4102D6BEF9EF311BAE0F88DCCF2F13
                                                                                                                                                                                      SHA-256:460AD2F66438D3EDA09CEA4703B5ECD0EB535E610D3CC21EDCDE1BF368A2A738
                                                                                                                                                                                      SHA-512:9B23C8EDEAE9E8EA53994471CF17C69CC634D45C31952B41E51EAB3A0A6A3993C8359AF0379598D7174AE7B6FFE35D067D1568FF01693102ECFB8F3ECBA2BF7A
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                      Entropy (8bit):0.7064715850613985
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:12:MoQYj2xX/7Ezu+vgTQ1olHWZkR8hlWgh3cARwn:MoQYc/EJiCBhlWSsswn
                                                                                                                                                                                      MD5:95617A9A47ADE3159CB67F1E2091F7A7
                                                                                                                                                                                      SHA1:0F4690B98C28E71F6E8647FCB923620916815E2E
                                                                                                                                                                                      SHA-256:89015E3B51C0D5CE7E06792C4F493F1C21E787CB73BB6D15BDFB6D417CC8B901
                                                                                                                                                                                      SHA-512:E58407F663052E2DC339705554B3424814F64F227DBA0E92E89490101C7E4AED199B943E26B1FC2C3FD35723A482205AFC394DA196C9719063C742C3B1D4BE73
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):162299
                                                                                                                                                                                      Entropy (8bit):5.344433996300066
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:1536:P+C7FPgu8B3U9guwQJQ9DQA+zez0Q5k4F77nXmvid8XRTEwr/j6B:soQ9DQA+zezQXef
                                                                                                                                                                                      MD5:5C6379338A5B20254D677F0CE7B6F2F9
                                                                                                                                                                                      SHA1:741D365B82A597F1D4D2706C5EF7B13979B52904
                                                                                                                                                                                      SHA-256:DD54DBF72A843237D35C5517D5E0B55F114E4608EA72493862E56B94BBFBA582
                                                                                                                                                                                      SHA-512:BA50738C91DC899DFD625CD0689899539F4342C3ED0E55C0EA6893CA0341376180FBE02C75E62B24C6CFD4B5DE9CC36A1D00BEFBA289C39E8C55EFCFE77ABFD6
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-10-20T12:55:50">.. Build: 16.0.17008.30526-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                                      Entropy (8bit):0.09216609452072291
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                                                                                                                                                      MD5:F138A66469C10D5761C6CBB36F2163C3
                                                                                                                                                                                      SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                                                                                                                                                      SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                                                                                                                                                      SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:SQLite Rollback Journal
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):4616
                                                                                                                                                                                      Entropy (8bit):0.13760166725504608
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:7FEG2l+7xt/lK/FllkpMRgSWbNFl/sl+ltlslVlllfll3P:7+/l7g9bNFlEs1EP/v
                                                                                                                                                                                      MD5:1B51F5CA221FC93739BEAA455BBE3B6A
                                                                                                                                                                                      SHA1:CB2EFFAC742A6FE3662C80BDFA188387FA737B58
                                                                                                                                                                                      SHA-256:E03A944EB026A907772B6D5D3D4D20F55F8D315EA9C69EB921854B978EA35FE2
                                                                                                                                                                                      SHA-512:3B595EDB365584C8880643DA8FC06D465A5284DF692302F22DD2364CD08ABF822D8A8A3D6A265DD9CB2D6F59A7629AAAF1BBEF5A2336D527EC5DA5FBAB6281DF
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                      Entropy (8bit):0.04446227416749482
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:6:G4l28dPa3V6izW/4l28dPa3V6iz10L9XXPH4l942U:l2Pg6Go2Pg6105A0
                                                                                                                                                                                      MD5:331FAD62584D2E5DAF294EC039B8C942
                                                                                                                                                                                      SHA1:8458E5A98209C2EC67AF1696C764D045334FEB9C
                                                                                                                                                                                      SHA-256:C3162BAD11AA05D64DB441D172CDCFA0EAB852CE6279412866FDC412A0A5DE06
                                                                                                                                                                                      SHA-512:A33314F20B0FD6C79FCB44204FCFA4AB7B46B090993FFCD7D9B873BB65A2DE5CDB4183D79790B28EFD36D0DEE0C9BEBC290A307967A19B610AB1DA9C2AB7EA89
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):45352
                                                                                                                                                                                      Entropy (8bit):0.39302513148671303
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:24:KP6eQ3zRDpqUll7DBtDi4kZERD+yzqt8VtbDBtDi4kZERDso/J:66eQ1YUll7DYMnzO8VFDYMwC
                                                                                                                                                                                      MD5:B95914A85297481B5A729A7BDDED28C4
                                                                                                                                                                                      SHA1:C621FD4680C86C7DB55173177D46353955819FF1
                                                                                                                                                                                      SHA-256:585B02D4B9729BEA1411C91A2C7799346E4B92622924FDD4CFAB0B704D1DA761
                                                                                                                                                                                      SHA-512:F13823C1569211BE97BFBE8353050802AC1CE96138B1C64D3EBBA1436FB039BE605461C0BA6927581F00D202B2F29AA8B1107B10011572AEC93752CB5ED8158D
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):2278
                                                                                                                                                                                      Entropy (8bit):3.8547517365376174
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:48:uiTrlKxsxx2xl9Il8uuq5JzQMbTnz07CmYod1rc:vSY0KJ147zY/
                                                                                                                                                                                      MD5:4985951775BA3D2830C2AD0275F3D3AB
                                                                                                                                                                                      SHA1:10E64152E9DBD4C5E16B50F7AD1B631442DF4688
                                                                                                                                                                                      SHA-256:209B64DACBD39024311E8441CA53A8DEBF4446B556AF8C2883F4B5364A106A52
                                                                                                                                                                                      SHA-512:5B7F07B2307FB541642765C2CE94812E31DD5C2FCA1ACC35E67A0DC85F781A40C92FFA2954C5DFBB881BF3A7C6DC9F5BA81236390D172B0A60FDBF7E97A77975
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.L.c.c.I.l.0.D.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.U.o.y.1.O.8.
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):4542
                                                                                                                                                                                      Entropy (8bit):3.9956974213751644
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:48:uiTrlKxxxrWxD9Il8uuqKOo6jL0xnwKxgT1m/ncXFvU3PQFST6fdbn9WmXVfMYHL:dY0fOo6jAxBxtfn3PiHVzq1Y
                                                                                                                                                                                      MD5:99D7E1FE6694EC240B17E52DC630A13D
                                                                                                                                                                                      SHA1:30D115E972EC4D95E90483CCC507E60AE30FADDE
                                                                                                                                                                                      SHA-256:3595EFD66863D6248A173084AB2DBC972E431762FA7FE4F666E2D09D4AF93B93
                                                                                                                                                                                      SHA-512:AF2B57F815642D56016E9ED268698937719B28B61E735FF2C7088E5578B00777C1325DF985931EBD5F0270A0AF5A8E81A89A70E54335E989A72F00D1184076D4
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".F.2.E.u.C.F.U.D.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.U.o.y.1.O.8.
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):423818
                                                                                                                                                                                      Entropy (8bit):5.375342137412923
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:6144:/Myflm+vyJfbnQkK96B88yKv4bWTmTvEiLSu:/MyNm+6dF4/9
                                                                                                                                                                                      MD5:64A3E7576CF5C372B32425F19E7DA148
                                                                                                                                                                                      SHA1:33D20D9F1C90BA594F1ED934EDA6F74489B390B9
                                                                                                                                                                                      SHA-256:57E97D2C6B44FC33263BB6D54C4A856781F92AA0DB9DC9E238DE1F5CF0825AEF
                                                                                                                                                                                      SHA-512:DC43BECFB76416B959736777883B65823F9F2B0343DF93D9667DB250C51BDB70BE994BCBBC43C316AA743CB81875E5EB6995D7B16A7F877D563CA7D936931A0A
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:...P................d...................D...................System.StructuredQueryType.Action.System.StructuredQueryType.AllBitsSet.System.StructuredQueryType.AnyBitsSet.System.StructuredQueryType.Blurb.System.StructuredQueryType.Boolean.=TRUE.=FALSE.System.StructuredQueryType.ByteUnit.=1.=1024.=1048576.=1073741824.=1099511627776.=1125899906842624.=1152921504606846976.=1000.=1000000.=1000000000.=1000000000000.=1000000000000000.=1000000000000000000.System.StructuredQueryType.DateTime.N00UUUUUUUK7ZZNNU.N00UUUUUUUK1ZZNNU.N00UUUUUUUK2ZZNNU.N00UUUUUUUK3ZZNNU.N00UUUUUUUK4ZZNNU.N00UUUUUUUK5ZZNNU.N00UUUUUUUK6ZZNNU.N00UK1UUUUUUZZNNU.N00UK2UUUUUUZZNNU.N00UK3UUUUUUZZNNU.N00UK4UUUUUUZZNNU.N00UK5UUUUUUZZNNU.N00UK6UUUUUUZZNNU.N00UK7UUUUUUZZNNU.N00UK8UUUUUUZZNNU.N00UK9UUUUUUZZNNU.N00UK10UUUUUUZZNNU.N00UK11UUUUUUZZNNU.N00UK12UUUUUUZZNNU.R00UUUUUUUUZDNNU.R00UUUUUUUUD-1DNNU.R00UUUUUUUUD1DNNU.R00UUUUUUUUZZXD-1NU.R00UUUUUUUUZZXD1NU.R00UUUUUUUUZWNNU.R00UUUUUUUUW-1WNNU.R00UUUUUUUUW1WNNU.R00UUUUUUUUZZXW-1NU.
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:dBase III DBT, version number 0, next free block index 423818, 1st item "ateTime"
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):423856
                                                                                                                                                                                      Entropy (8bit):5.375072999048652
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:6144:uMyflm+vyJfbnQkK96B88yKv4bWTmTvEiLS:uMyNm+6dF4/
                                                                                                                                                                                      MD5:22BAD91A2BF01BA2E976ABA67C8D651F
                                                                                                                                                                                      SHA1:657E730CB857DEC1FD5F16AAF7E96C6F5B4453FF
                                                                                                                                                                                      SHA-256:C7C55A299A53E2D334669648A3220D936953FC0D80EFA70C1D5C93EDD3F858CC
                                                                                                                                                                                      SHA-512:B9449BBF74667F4463377E303BC3CC95E4C19F44C141C97EC8B00D77E3AB1A8DF392425BDFE4D04FC8E51BA3F382A3112884BEBBF49601798E6349E37AC9B1F0
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:.w.. ..............................P................d...................D...................System.StructuredQueryType.Action.System.StructuredQueryType.AllBitsSet.System.StructuredQueryType.AnyBitsSet.System.StructuredQueryType.Blurb.System.StructuredQueryType.Boolean.=TRUE.=FALSE.System.StructuredQueryType.ByteUnit.=1.=1024.=1048576.=1073741824.=1099511627776.=1125899906842624.=1152921504606846976.=1000.=1000000.=1000000000.=1000000000000.=1000000000000000.=1000000000000000000.System.StructuredQueryType.DateTime.N00UUUUUUUK7ZZNNU.N00UUUUUUUK1ZZNNU.N00UUUUUUUK2ZZNNU.N00UUUUUUUK3ZZNNU.N00UUUUUUUK4ZZNNU.N00UUUUUUUK5ZZNNU.N00UUUUUUUK6ZZNNU.N00UK1UUUUUUZZNNU.N00UK2UUUUUUZZNNU.N00UK3UUUUUUZZNNU.N00UK4UUUUUUZZNNU.N00UK5UUUUUUZZNNU.N00UK6UUUUUUZZNNU.N00UK7UUUUUUZZNNU.N00UK8UUUUUUZZNNU.N00UK9UUUUUUZZNNU.N00UK10UUUUUUZZNNU.N00UK11UUUUUUZZNNU.N00UK12UUUUUUZZNNU.R00UUUUUUUUZDNNU.R00UUUUUUUUD-1DNNU.R00UUUUUUUUD1DNNU.R00UUUUUUUUZZXD-1NU.R00UUUUUUUUZZXD1NU.R00UUUUUUUUZWNNU.R00UUUUUUUUW-1WNNU.R00UUU
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):76
                                                                                                                                                                                      Entropy (8bit):4.35518664038055
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:fKcbvlZCX4TDxU+KBhcoxv:icDCOtmOk
                                                                                                                                                                                      MD5:6A4201E88F8E03CABA62E7E66F52FB50
                                                                                                                                                                                      SHA1:41F3538FEC60A89C69BDEEDA22A73A0554164051
                                                                                                                                                                                      SHA-256:C9A1283C2E5BAF3EB9C1D4265B2F1A8E6976D6787C9361CD5208D729F48721A2
                                                                                                                                                                                      SHA-512:5D0DF2E9608B6D74C2884818491731C228FBCAD9F66E4D891003689B20F9626EE82ED89F852D1500AACBB4BC4726D23BB7594018F1258B1E9AD7A57839CAA459
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:node_id2=3194867192971895220.node_uuid=fe21ce9c-6f47-11ee-99da-73c8eda3a1b4.
                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                      Size (bytes):146975
                                                                                                                                                                                      Entropy (8bit):5.0408939474454115
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:1536:ewFXiP7Pqbm+lu4n0XKMibnchsnkZyKywfMi:4qi34RVk+Ji
                                                                                                                                                                                      MD5:C9D039B7671F061793BDAF85D0271AC6
                                                                                                                                                                                      SHA1:5767BF7CE1A62CD34EE71D5883ED43CC17E260A2
                                                                                                                                                                                      SHA-256:90ACE388B1158CAB1D671DB9B89C1B1733B43C4854D714CA986A2B04836577C3
                                                                                                                                                                                      SHA-512:74B2FE59D3479E68F542DD086C2C88124A66EE5242CF4D533E4735D46CDA011729AAC845FBB941E3EE2510A09DF3B229848550ADC7DD745CA969CFA4ED2AA31E
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      URL:https://www.webex.com/favicon.ico
                                                                                                                                                                                      Preview:<!DOCTYPE HTML>..<html lang="en">. <head>................ .<title>Page not Found</title>.<meta name="title" content="Page not Found"/> .<meta charset="UTF-8">..<meta name="apple-itunes-app" content="app-id=833967564" />..<meta name="author" content="Webex">..<meta name="publisher" content="Cisco">..<meta property="og:type" content="website" />..<meta property="og:url" content="https://www.webex.com/" />..<meta property="og:title" content="The leader in collaboration & customer experience | Webex" />..<meta property="og:description" content="With industry leading video conferencing, calling, and contact center solutions, Webex fuels hybrid work for businesses of all sizes." />..<meta property="og:image" content="https://www.webex.com/content/dam/wbx/us/images/rebrand/Home-Fallback-V2-16_9.png">....<meta property="og:site_name" content="Webex" />..<meta name="twitter:card" content="summary_large_image">..<meta name="twitter:url" content="https://www.webex.com">..<meta name="twitter:t
                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      File Type:assembler source, ASCII text
                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                      Size (bytes):2655
                                                                                                                                                                                      Entropy (8bit):5.10797461247447
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:48:ZmJVZLqxUVJVsY8/aCDydD7r32eDJKwbt:ZmJzqxUVJVsuCGZBDJK4
                                                                                                                                                                                      MD5:8E4B71595FA4D7C65553E10D442EA71B
                                                                                                                                                                                      SHA1:718FE814D057F1865057AB0AE388C6BC872D3EE2
                                                                                                                                                                                      SHA-256:95F62D71BE39C3B6E94277776B959C0D91CD7DD2BF909AC005FF3A330F663D1D
                                                                                                                                                                                      SHA-512:ABBF37CF8DC7853E15D382ADD30B2A7A81C3EDDE0752F3D7C3DF35570C072F77AB04FB6542F74052EFCB92FB3D522FBF71828AE6348B3B192DC3D22A2447F748
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      URL:https://www.webex.com/content/dam/wbx/us/images/rebrand/msteams/style.css
                                                                                                                                                                                      Preview:/* FONT CONFIG */.@font-face {. font-family: 'CiscoSansTT Light';. font-style: normal;. font-weight: 400;. src: url(../fonts/CiscoSansTTLight.woff2) format("woff2"),url(../fonts/CiscoSansTTLight.woff) format("woff");. font-display: fallback.}.@font-face {. font-family: 'CiscoSansTT Regular';. font-style: normal;. font-weight: 400;. src: url(../fonts/CiscoSansTTRegular.woff2) format("woff2"),url(../fonts/CiscoSansTTRegular.woff) format("woff");. font-display: fallback.}..body {. margin: 0;.}..a {. color: #64c7ef;.}..hr {. border-color: #64c7ef !important;. height: 0;. margin: 1.25rem 0 1.1875rem;. clear: both;. border: solid #e6e8e8;. border-width: 1px 0 0;. overflow: visible;. box-sizing: content-box;.}..#cisco {. color: #52bae6;.}..#webex {. color: #406c88;.}...powered-by {. margin-top: 20px;. margin-bottom: 20px;.}..#main {. padding: 25px;. color: #6d7071;. font-family: "CiscoSansTT Light","Helvetica Neu
                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                      Size (bytes):14705
                                                                                                                                                                                      Entropy (8bit):5.3329346124534025
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:192:/tDeveRDbwLo6o4ahOiO6YFPk6wySq0tYkepaBKdViiDu8t3f59aiF1pmr76iuE1:A2db0o6ogt/Uq0tXOVi1yx9B6x/+E
                                                                                                                                                                                      MD5:E33B93801E49F8AE26F0F6AF96CBA0A0
                                                                                                                                                                                      SHA1:58F52BB06D7214A41DAB525464A0D25E3C36EC9A
                                                                                                                                                                                      SHA-256:C88DDF25ECE0ED89F1F8E025709FFAC2AE89627A9D2B015E53C776890DBE495C
                                                                                                                                                                                      SHA-512:FFB6D095503E29A65CC6C5FDA7FDB2AD7B161398FAA82E1B9A800231F745614B9C4ECF2B84F37D2155BA033170B7DCBF0C5543B21D6ED075EB754EB4F1A34D9B
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      URL:https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com
                                                                                                                                                                                      Preview:<!DOCTYPE HTML>.<html lang="en-US">. <head>...<title>Cisco Webex Meetings - Interoperability</title>.<meta charset=UTF-8". data-sly-use.headlibRenderer="headlibs.html". data-sly-use.clientLib="/libs/granite/sightly/templates/clientlib.html"/>.<meta name="viewport" content="width=device-width, height=device-height, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"/>.</template></head>. <body onload="initContent()" data-spy="scroll" data-target=".ver-nav" data-offset="115" class="classic-" style="position: relative">. .... .<div class="root responsivegrid">...<div class="aem-Grid aem-Grid--12 aem-Grid--default--12 ">. . <div class="responsivegrid aem-GridColumn aem-GridColumn--default--12">...<div class="aem-Grid aem-Grid--12 aem-Grid--default--12 ">. . <div class="raw-html aem-GridColumn aem-GridColumn--default--12">.........<style>.@font-face {. font-family: 'CiscoSansTT Light';. font-style: normal;. fo
                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      File Type:ASCII text, with very long lines (18080)
                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                      Size (bytes):18308
                                                                                                                                                                                      Entropy (8bit):5.278458037908755
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:384:d4haOF+WJbybv8dlM9xxiryfeiwU28bYRqUKOihkYmm0eYf:+FPIv8HM9mYeiw4bYRqUieTeYf
                                                                                                                                                                                      MD5:5D20846A79BA77B44ADB3E8EE9E68EE0
                                                                                                                                                                                      SHA1:9F40034D3D662303E0E712C43EBA8376858BF94A
                                                                                                                                                                                      SHA-256:29DBD11DB52419F340862BCA1B4ED04D56143CCCDAE26A5830F0140673B4E19A
                                                                                                                                                                                      SHA-512:4BF3CBC9A8DAB550CC4685FA6112E467CDDB3E2CD62E8D4CB2963F66004D12E8F0DFDA1C7255BC471B812A7FCD04382B3170ECCF4AF7CF8BE3DB8ADE5B83EF99
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      URL:https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.1/purify.min.js
Preview:/*! @license DOMPurify 2.3.1 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.3.1/LICENSE */
                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      File Type:Unicode text, UTF-8 text
                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                      Size (bytes):12708
                                                                                                                                                                                      Entropy (8bit):5.3861274248149105
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:192:M8zhkFTSl0HYLepaB/dV1iLunt3MY2RHBvnfe9aigrrmpi6MVG976iqELEDtgP:LKQl0HMnV1ddX029sURlAqP
                                                                                                                                                                                      MD5:4B5AC983CD2A6906915E170D9A0BAC44
                                                                                                                                                                                      SHA1:2B861ABCDEE7C2B73CADF7A4B6BD18BCC7D273D9
                                                                                                                                                                                      SHA-256:4FFE717F100F64B62F97A7130CF3B8698F357310E0968F38569905710AADCEAE
                                                                                                                                                                                      SHA-512:B18B462BB1ADB0E5696D80B59FE290AD729CAC69299FE4D2AEF025D8D59568D824FBF861DD4806251095D9D47110668D71E10DED40DA0EB57E44D8B7407F419C
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      URL:https://www.webex.com/content/dam/wbx/us/images/rebrand/msteams/animated.js
                                                                                                                                                                                      Preview:const urlParams = new URLSearchParams(window.location.search);.const tenantKey = DOMPurify.sanitize(urlParams.get('tenantkey'));.const domain = DOMPurify.sanitize(urlParams.get('domain'));.const conferenceId = DOMPurify.sanitize(urlParams.get('confid'));.const data = {. "en": {. "pageHeader": "Cisco Webex",. "invitationHeader": "Video Meeting Invitation",. "joinDirectHeader": "Join meeting directly",. "joinDirectMessage": "Enter <<variable>> on a Cisco Webex Room or other standard video endpoint",. "joinPrompHeader": "Join through a prompt for VTC conference ID",. "jonPromtMessage": "Enter <<variable>> and then the VTC conference ID <<variable>> followed by #",. "pageFooter": "Powered by Cisco Webex Video Integration for Microsoft Teams". },. "fr": {. "pageHeader": "Cisco Webex",. "invitationHeader": "Invitation . une visioconf.rence",. "joinDirectHeader": "Rejoindre la r.union directement",. "join
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                      Entropy (8bit):3.6709585933443503
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:RlU9I2Y1AnDe/mFRR:R7GC6RR
                                                                                                                                                                                      MD5:6B66AEF352A4B921E83BF6D2A3C1F9E2
                                                                                                                                                                                      SHA1:7B46BF6B764AC890424F0AC1DE427F7391E2B340
                                                                                                                                                                                      SHA-256:9699FF4BA0528FC171EE6FB7DEBF136EA053ACC44C090C7309A25FEA1276B1EA
                                                                                                                                                                                      SHA-512:0926383D5BE7927ED86CFF734A472EC59C74EABCA9024C5AE203A3FE05B16499833E94CFA1D1AA13E651A4914CB62E4354F83334EE7D6CECD82BB99B17906819
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Preview:....7.0.1.1.8.8.....\MAILSLOT\NET\GETDC948CE6C8............ ....
                                                                                                                                                                                      No static file info


                                                                                                                                                                                      • Total Packets: 155
                                                                                                                                                                                      • 443 (HTTPS)
                                                                                                                                                                                      • 80 (HTTP)
                                                                                                                                                                                      • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                      Oct 20, 2023 14:55:19.014597893 CEST44349710172.253.62.84192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.014662027 CEST49710443192.168.2.6172.253.62.84
                                                                                                                                                                                      Oct 20, 2023 14:55:19.015456915 CEST49710443192.168.2.6172.253.62.84
                                                                                                                                                                                      Oct 20, 2023 14:55:19.015547991 CEST44349710172.253.62.84192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.015626907 CEST49710443192.168.2.6172.253.62.84
                                                                                                                                                                                      Oct 20, 2023 14:55:19.015631914 CEST44349710172.253.62.84192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.018744946 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.018920898 CEST49711443192.168.2.6172.253.115.113
                                                                                                                                                                                      Oct 20, 2023 14:55:19.018944979 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.019448042 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.019515038 CEST49711443192.168.2.6172.253.115.113
                                                                                                                                                                                      Oct 20, 2023 14:55:19.020051003 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.020107985 CEST49711443192.168.2.6172.253.115.113
                                                                                                                                                                                      Oct 20, 2023 14:55:19.020792007 CEST49711443192.168.2.6172.253.115.113
                                                                                                                                                                                      Oct 20, 2023 14:55:19.020848036 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.021043062 CEST49711443192.168.2.6172.253.115.113
                                                                                                                                                                                      Oct 20, 2023 14:55:19.021050930 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.087524891 CEST49711443192.168.2.6172.253.115.113
                                                                                                                                                                                      Oct 20, 2023 14:55:19.134424925 CEST49710443192.168.2.6172.253.62.84
                                                                                                                                                                                      Oct 20, 2023 14:55:19.241556883 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.241945028 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.242042065 CEST49711443192.168.2.6172.253.115.113
                                                                                                                                                                                      Oct 20, 2023 14:55:19.242213964 CEST49711443192.168.2.6172.253.115.113
                                                                                                                                                                                      Oct 20, 2023 14:55:19.242228985 CEST44349711172.253.115.113192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.306307077 CEST44349710172.253.62.84192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.306617975 CEST44349710172.253.62.84192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:19.306673050 CEST49710443192.168.2.6172.253.62.84
                                                                                                                                                                                      Oct 20, 2023 14:55:19.307213068 CEST49710443192.168.2.6172.253.62.84
                                                                                                                                                                                      Oct 20, 2023 14:55:19.307223082 CEST44349710172.253.62.84192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:20.545387983 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:20.545428991 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:20.545516014 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:20.545886993 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:20.545902967 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:20.750601053 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:20.750817060 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:20.750843048 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:20.751874924 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:20.751945972 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:20.752846956 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:20.752904892 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:20.753036022 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:20.753043890 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:20.800107002 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.073760033 CEST49720443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:55:21.073791027 CEST44349720142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.073847055 CEST49720443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:55:21.074209929 CEST49720443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:55:21.074223042 CEST44349720142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086219072 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086363077 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086415052 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086429119 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086554050 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086606979 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086613894 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086711884 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086760998 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086767912 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086878061 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086925983 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.086931944 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087028980 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087074995 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087080002 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087177038 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087230921 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087236881 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087322950 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087368011 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087373018 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087608099 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.087656975 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.088344097 CEST49717443192.168.2.6104.17.25.14
                                                                                                                                                                                      Oct 20, 2023 14:55:21.088359118 CEST44349717104.17.25.14192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.336993933 CEST44349720142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.337233067 CEST49720443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:55:21.337260962 CEST44349720142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.338115931 CEST44349720142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.338179111 CEST49720443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:55:21.344101906 CEST49720443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:55:21.344150066 CEST44349720142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.384779930 CEST49720443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:55:21.384789944 CEST44349720142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:21.432781935 CEST49720443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:55:22.008737087 CEST49674443192.168.2.6173.222.162.64
                                                                                                                                                                                      Oct 20, 2023 14:55:22.008738041 CEST49673443192.168.2.6173.222.162.64
                                                                                                                                                                                      Oct 20, 2023 14:55:22.353354931 CEST49672443192.168.2.6173.222.162.64
                                                                                                                                                                                      Oct 20, 2023 14:55:23.196721077 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.196758986 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.196830988 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.202208996 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.202234030 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.422183037 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.422265053 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.435934067 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.435950994 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.436865091 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.478282928 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.553888083 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.594484091 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.654681921 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.654882908 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.654980898 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.655021906 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.655088902 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.655088902 CEST49726443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.655101061 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.655112028 CEST44349726104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.703767061 CEST49727443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:55:23.703800917 CEST44349727104.118.8.139192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:55:23.703869104 CEST49727443192.168.2.6104.118.8.139
                                                                                                                                                                                      Oct 20, 2023 14:56:11.548384905 CEST49737443192.168.2.640.127.169.103
                                                                                                                                                                                      Oct 20, 2023 14:56:11.548404932 CEST4434973740.127.169.103192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:11.548424006 CEST49737443192.168.2.640.127.169.103
                                                                                                                                                                                      Oct 20, 2023 14:56:11.548455954 CEST49737443192.168.2.640.127.169.103
                                                                                                                                                                                      Oct 20, 2023 14:56:11.560787916 CEST49737443192.168.2.640.127.169.103
                                                                                                                                                                                      Oct 20, 2023 14:56:11.560817957 CEST4434973740.127.169.103192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:11.560872078 CEST49737443192.168.2.640.127.169.103
                                                                                                                                                                                      Oct 20, 2023 14:56:11.560880899 CEST4434973740.127.169.103192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:21.042958021 CEST49739443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:56:21.043005943 CEST44349739142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:21.043109894 CEST49739443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:56:21.043390036 CEST49739443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:56:21.043401003 CEST44349739142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:21.313967943 CEST44349739142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:21.314347982 CEST49739443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:56:21.314376116 CEST44349739142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:21.314707994 CEST44349739142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:21.315118074 CEST49739443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:56:21.315170050 CEST44349739142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:21.368474007 CEST49739443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:56:31.312335968 CEST44349739142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:31.312475920 CEST44349739142.251.111.104192.168.2.6
                                                                                                                                                                                      Oct 20, 2023 14:56:31.312751055 CEST49739443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:56:32.808387995 CEST49739443192.168.2.6142.251.111.104
                                                                                                                                                                                      Oct 20, 2023 14:56:32.808456898 CEST44349739142.251.111.104192.168.2.6
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 20, 2023 14:55:18.673719883 CEST | 192.168.2.6 | 1.1.1.1 | 0x7da4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.673957109 CEST | 192.168.2.6 | 1.1.1.1 | 0x2294 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.674396992 CEST | 192.168.2.6 | 1.1.1.1 | 0x4f8b | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.674622059 CEST | 192.168.2.6 | 1.1.1.1 | 0xf7e0 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false |
| Oct 20, 2023 14:55:19.781019926 CEST | 192.168.2.6 | 1.1.1.1 | 0xa03f | Standard query (0) | www.webex.com | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:19.781240940 CEST | 192.168.2.6 | 1.1.1.1 | 0x8c36 | Standard query (0) | www.webex.com | 65 | IN (0x0001) | false |
| Oct 20, 2023 14:55:20.450594902 CEST | 192.168.2.6 | 1.1.1.1 | 0x6476 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:20.451133013 CEST | 192.168.2.6 | 1.1.1.1 | 0x808d | Standard query (0) | cdnjs.cloudflare.com | 65 | IN (0x0001) | false |
| Oct 20, 2023 14:55:20.978962898 CEST | 192.168.2.6 | 1.1.1.1 | 0x8146 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:20.979123116 CEST | 192.168.2.6 | 1.1.1.1 | 0x7dcf | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | clients.l.google.com | | 172.253.115.113 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | clients.l.google.com | | 172.253.115.101 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | clients.l.google.com | | 172.253.115.100 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | clients.l.google.com | | 172.253.115.138 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | clients.l.google.com | | 172.253.115.139 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | clients.l.google.com | | 172.253.115.102 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.767760992 CEST | 1.1.1.1 | 192.168.2.6 | 0x4f8b | No error (0) | accounts.google.com | | 172.253.62.84 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:18.768331051 CEST | 1.1.1.1 | 192.168.2.6 | 0x2294 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 20, 2023 14:55:19.875782013 CEST | 1.1.1.1 | 192.168.2.6 | 0xa03f | No error (0) | www.webex.com | all-www.webex.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 20, 2023 14:55:19.877090931 CEST | 1.1.1.1 | 192.168.2.6 | 0x8c36 | No error (0) | www.webex.com | all-www.webex.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 20, 2023 14:55:20.544504881 CEST | 1.1.1.1 | 192.168.2.6 | 0x6476 | No error (0) | cdnjs.cloudflare.com | | 104.17.25.14 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:20.544504881 CEST | 1.1.1.1 | 192.168.2.6 | 0x6476 | No error (0) | cdnjs.cloudflare.com | | 104.17.24.14 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:20.544698954 CEST | 1.1.1.1 | 192.168.2.6 | 0x808d | No error (0) | cdnjs.cloudflare.com | | | 65 | IN (0x0001) | false |
| Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | www.google.com | | 142.251.111.104 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | www.google.com | | 142.251.111.99 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | www.google.com | | 142.251.111.103 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | www.google.com | | 142.251.111.106 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | www.google.com | | 142.251.111.147 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | www.google.com | | 142.251.111.105 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2023 14:55:21.072933912 CEST | 1.1.1.1 | 192.168.2.6 | 0x7dcf | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
                                                                                                                                                                                      • accounts.google.com
                                                                                                                                                                                      • clients2.google.com
                                                                                                                                                                                      • https:
                                                                                                                                                                                        • cdnjs.cloudflare.com
                                                                                                                                                                                      • fs.microsoft.com
                                                                                                                                                                                      • slscr.update.microsoft.com
                                                                                                                                                                                      • login.live.com
| Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 20, 2023 14:55:33.261024952 CEST | 173.222.162.64 | 443 | 192.168.2.6 | 49703 | CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | Wed Oct 18 22:32:40 CEST 2023 | Fri Jun 28 01:59:59 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0 | 28a2c9bd18a11de089ef85a160da29e4 |
| | | | | | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024 | | |
                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                      0192.168.2.649710172.253.62.84443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                                                      2023-10-20 12:55:19 UTC0OUTPOST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                                                                                                                                                                      Host: accounts.google.com
                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                      Content-Length: 1
                                                                                                                                                                                      Origin: https://www.google.com
                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                      Cookie: 1P_JAR=2023-10-05-06; NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 0 | OUT | Data Raw: 20
                                                                                                                                                                                      Data Ascii:


                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                      1 | 192.168.2.6 | 49711 | 172.253.115.113 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                                                                                                                                                      Host: clients2.google.com
                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                      X-Goog-Update-Interactivity: fg
                                                                                                                                                                                      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                                                                                                                                                                                      X-Goog-Update-Updater: chromecrx-117.0.5938.134
                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9


                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                      10 | 192.168.2.6 | 49737 | 40.127.169.103 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                      2023-10-20 12:56:11 UTC | 65 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=R3YYkFgbftNNmRH&MD=FDvSN7GY HTTP/1.1
                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                      Host: slscr.update.microsoft.com
                                                                                                                                                                                      2023-10-20 12:56:11 UTC | 65 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                      Expires: -1
                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                      ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                      MS-CorrelationId: 13a406d6-6b49-4103-8b77-ab2ec4ee6d48
                                                                                                                                                                                      MS-RequestId: d3748a09-4efc-4a37-a340-5acd464677b1
                                                                                                                                                                                      MS-CV: NzeOkmHpv0OreRJ9.0
                                                                                                                                                                                      X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                      Date: Fri, 20 Oct 2023 12:56:11 GMT
                                                                                                                                                                                      Connection: close
                                                                                                                                                                                      Content-Length: 25457


                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                      2 | 172.253.115.113 | 443 | 192.168.2.6 | 49711 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 1 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-rUuLxlLYNkiPb9TGOgOVNA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                      Date: Fri, 20 Oct 2023 12:55:19 GMT
                                                                                                                                                                                      Content-Type: text/xml; charset=UTF-8
                                                                                                                                                                                      X-Daynum: 6136
                                                                                                                                                                                      X-Daystart: 21319
                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                      Server: GSE
                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                      Connection: close
                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 2 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6136" elapsed_seconds="21319"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 2 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                      3 | 172.253.62.84 | 443 | 192.168.2.6 | 49710 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 2 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.google.com
                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                      Date: Fri, 20 Oct 2023 12:55:19 GMT
                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-kZRS-LuVD2lCzTYFap3S9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                                                                                                                                                      Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                      Server: ESF
                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                      Connection: close
                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                                                                                                                                                                      Data Ascii: 11["gaia.l.a.r",[]]
                                                                                                                                                                                      2023-10-20 12:55:19 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                      4 | 192.168.2.6 | 49717 | 104.17.25.14 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                      2023-10-20 12:55:20 UTC | 4 | OUT | GET /ajax/libs/dompurify/2.3.1/purify.min.js HTTP/1.1
                                                                                                                                                                                      Host: cdnjs.cloudflare.com
                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                      Referer: https://www.webex.com/
                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9


                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                      5 | 104.17.25.14 | 443 | 192.168.2.6 | 49717 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                      2023-10-20 12:55:21 UTC | 5 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                      Date: Fri, 20 Oct 2023 12:55:21 GMT
                                                                                                                                                                                      Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                      Connection: close
                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                      Cache-Control: public, max-age=30672000
                                                                                                                                                                                      ETag: W/"6116df4a-1ce0"
                                                                                                                                                                                      Last-Modified: Fri, 13 Aug 2021 21:08:26 GMT
                                                                                                                                                                                      cf-cdnjs-via: cfworker/kv
                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                      Timing-Allow-Origin: *
                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                      CF-Cache-Status: MISS
                                                                                                                                                                                      Expires: Wed, 09 Oct 2024 12:55:21 GMT
                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dP4WwHEsVvXLR2VndeAiJUtkg5f2rnyLf5VqCIXrtFn9peNeBIEhd%2BkWjRQ0Pf2E%2BeCDpovYVrgKw2%2BXf8MOAjiBj3RpIbA04vnesIZTrc5HGdoxVNtNw8hS79l7NOl%2B4TGH5FI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                      NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                      Strict-Transport-Security: max-age=15780000
                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                      CF-RAY: 81916a23b8fa07a4-IAD
                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                      Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                                                                                                                                                      6           192.168.2.6    49726        104.118.8.139   443               C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Timestamp                kBytes transferred  Direction  Data
                                                                                                                                                                                      2023-10-20 12:55:23 UTC  23                  OUT        HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                      Host: fs.microsoft.com
                                                                                                                                                                                      2023-10-20 12:55:23 UTC  23                  IN         HTTP/1.1 200 OK
                                                                                                                                                                                      ApiVersion: Distribute 1.1
                                                                                                                                                                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                      Server: ECAcc (dcd/7D15)
                                                                                                                                                                                      X-CID: 11
                                                                                                                                                                                      Cache-Control: public, max-age=148110
                                                                                                                                                                                      Date: Fri, 20 Oct 2023 12:55:23 GMT
                                                                                                                                                                                      Connection: close
                                                                                                                                                                                      X-CID: 2


                                                                                                                                                                                      Session ID  Source IP      Source Port  Destination IP  Destination Port  Process
                                                                                                                                                                                      7           192.168.2.6    49727        104.118.8.139   443               C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Timestamp                kBytes transferred  Direction  Data
                                                                                                                                                                                      2023-10-20 12:55:23 UTC  24                  OUT        GET /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                      Range: bytes=0-2147483646
                                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                      Host: fs.microsoft.com
2023-10-20 12:55:24 UTC | 24 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                      ApiVersion: Distribute 1.1
                                                                                                                                                                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                      X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                                                                                                                                                                                      Cache-Control: public, max-age=148157
                                                                                                                                                                                      Date: Fri, 20 Oct 2023 12:55:24 GMT
                                                                                                                                                                                      Content-Length: 55
                                                                                                                                                                                      Connection: close
                                                                                                                                                                                      X-CID: 2
2023-10-20 12:55:24 UTC | 25 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                                                                                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.6 | 49728 | 40.127.169.103 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-20 12:55:33 UTC | 25 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=R3YYkFgbftNNmRH&MD=FDvSN7GY HTTP/1.1
                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                      Host: slscr.update.microsoft.com
2023-10-20 12:55:33 UTC | 25 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                      Expires: -1
                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                                      MS-CorrelationId: a6245073-b79a-41da-b08c-965b974ec13f
                                                                                                                                                                                      MS-RequestId: c6e62179-e12d-43b1-a2d8-e62be2155402
                                                                                                                                                                                      MS-CV: cVX329M2KUuLVV1F.0
                                                                                                                                                                                      X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                      Date: Fri, 20 Oct 2023 12:55:32 GMT
                                                                                                                                                                                      Connection: close
                                                                                                                                                                                      Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.6 | 49733 | 40.126.62.132 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-20 12:55:54 UTC | 49 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                      Content-Type: application/soap+xml
                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                      Content-Length: 4718
                                                                                                                                                                                      Host: login.live.com
2023-10-20 12:55:54 UTC | 50 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2023-10-20 12:55:54 UTC | 54 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                      Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                      Expires: Fri, 20 Oct 2023 12:54:54 GMT
                                                                                                                                                                                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                      x-ms-route-info: C107_BAY
                                                                                                                                                                                      x-ms-request-id: af04b57c-c445-4711-a6e9-5a125fc3cf2a
                                                                                                                                                                                      PPServer: PPV: 30 H: BY1PPF0D0E66FB9 V: 0
                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                      Date: Fri, 20 Oct 2023 12:55:54 GMT
                                                                                                                                                                                      Connection: close
                                                                                                                                                                                      Content-Length: 10197
2023-10-20 12:55:54 UTC | 55 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200



                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                      Start time:14:55:13
                                                                                                                                                                                      Start date:20/10/2023
                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                                                                                                                                                                                      Imagebase:0x7ff684c40000
                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                      Start time:14:55:15
                                                                                                                                                                                      Start date:20/10/2023
                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 --field-trial-handle=2568,i,15340604483085259944,7161964218313129483,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                      Imagebase:0x7ff684c40000
                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                      Start time:14:55:18
                                                                                                                                                                                      Start date:20/10/2023
                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com
                                                                                                                                                                                      Imagebase:0x7ff684c40000
                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                      Start time:14:55:47
                                                                                                                                                                                      Start date:20/10/2023
                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                      Commandline:C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" "sip:1124166264.rsm@m.webex.com
                                                                                                                                                                                      Imagebase:0x120000
                                                                                                                                                                                      File size:24'015'800 bytes
                                                                                                                                                                                      MD5 hash:EA37BE9C3560062AAD02B73D64B6E427
                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                      Start time:14:55:53
                                                                                                                                                                                      Start date:20/10/2023
                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconv.exe
                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\lynchtmlconv.exe"
                                                                                                                                                                                      Imagebase:0xe30000
                                                                                                                                                                                      File size:14'653'352 bytes
                                                                                                                                                                                      MD5 hash:6AEAD656E50BC1B6E9BEA527187B5624
                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                      Start time:14:56:00
                                                                                                                                                                                      Start date:20/10/2023
                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey
                                                                                                                                                                                      Imagebase:0x120000
                                                                                                                                                                                      File size:24'015'800 bytes
                                                                                                                                                                                      MD5 hash:EA37BE9C3560062AAD02B73D64B6E427
                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                      Start time:14:56:09
                                                                                                                                                                                      Start date:20/10/2023
                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey
                                                                                                                                                                                      Imagebase:0x120000
                                                                                                                                                                                      File size:24'015'800 bytes
                                                                                                                                                                                      MD5 hash:EA37BE9C3560062AAD02B73D64B6E427
                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                      No disassembly