Windows Analysis Report
Service Desk - Please verify your Account!.eml

Overview

General Information

Sample name:	Service Desk - Please verify your Account!.eml
Analysis ID:	1467097
MD5:	2ee1512b75a6eb7d0cfec26e59498a87
SHA1:	fcf3bfb4cdd0fe0632fcfd8cd5f6179bacf1befc
SHA256:	af32d2f5c0a94a306690a1aec136243fc3d9a525b20632d68101f1dda92a551b
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected HtmlPhish57

Detected non-DNS traffic on DNS port

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://certified-domain.cloudsurveillance.net/js/external/vimeo.min.js	Avira URL Cloud: Label: phishing
Source: https://certified-domain.cloudsurveillance.net/js/external/popper.min.js	Avira URL Cloud: Label: phishing
Source: https://certified-domain.cloudsurveillance.net/c361b6b574eaf9adb2fe8b6265ab571605542f7f	Avira URL Cloud: Label: phishing
Source: https://certified-domain.cloudsurveillance.net	Avira URL Cloud: Label: phishing
Source: https://certified-domain.cloudsurveillance.net/js/external/bootstrap.min.js	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://certified-domain.cloudsurveillance.net	LLM: Score: 8 brands: Reasons: The URL 'https://certified-domain.cloudsurveillance.net' is suspicious due to the use of a subdomain and a non-standard top-level domain (TLD) which is often used in phishing attacks. The webpage prominently features a login form asking for email and password without any branding or additional context, which is a common tactic in phishing sites. The lack of a CAPTCHA further raises suspicion as legitimate sites often use CAPTCHA to prevent automated attacks. The domain 'cloudsurveillance.net' does not correspond to any well-known brand, and the use of 'certified-domain' as a subdomain is a social engineering technique to mislead users into thinking the site is legitimate. Therefore, based on these observations, the site is likely a phishing site. DOM: 0.0.pages.csv
Source: https://player.vimeo.com	LLM: Score: 7 brands: Vimeo Reasons: The URL 'https://player.vimeo.com' appears to be a legitimate subdomain of Vimeo, a well-known video hosting platform. However, the login form displayed in the image does not match the typical design and branding of Vimeo's login pages. The form is generic and lacks any branding or logos that would typically be present on a legitimate Vimeo login page. This discrepancy, combined with the presence of a prominent login form, suggests the use of social engineering techniques to mislead users into entering their credentials. Therefore, despite the legitimate-looking URL, the site is likely a phishing site. DOM: 3.4.pages.csv

Yara detected HtmlPhish57

Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.8.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_119, type: DROPPED

Found iframes

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: Iframe src: https://player.vimeo.com/video/316118722
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: Iframe src: https://player.vimeo.com/video/316118722
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: Iframe src: https://player.vimeo.com/video/316118722

HTML body contains low number of good links

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal

HTML title does not match URL

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c

HTTP Parser: Title: does not match URL

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c

HTTP Parser: <input type="password" .../> found

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No favicon
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No favicon
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722?turnstile=0.SJVdzMrLaabawR3LwkQcMFBdws1IqH9TUW6LAxmmUhiAzDAN2NBo4WA3s5fGmqvZMy3P759dFHUU3sMvJYkaxhqWzcQU1Gib00f3OHMPcriqHoy7Q128TT5qX7e5BN-5dk-he7loIfjJBhkjnspfgt5RBH6GN5kATZi_cb3PXWm0KRcguMLh1BbzWkl9ykRWhKXTsRTPyP18Z99ivlUVbGWPbtUC2AnUzXLbEpJmGmsbU4Lkk-yIRHbu5jSgvy0iT0mEEo4WWtXNbONSBvVf1OmeUGqG--c0Z9YTm45wyWKsOJ1rpBy1A80SUZMHfEsDnyNDNmR-ufXnZg1iIQmFWzmUHcb1v8j_N_QMO6dS_Jwpgysx_gUuRoj1xu15ghRmE_eRzutDoD13bmy68at8IvIw0Uzz27xqQyCRNmF9xiJlWBmwR2Lk6J_xiJe81HuO.mVvw1ehDSsmIDXRjI9a-Lw.3028c9a87836b37535db85194ef6b8126bb688016e416d791d2b9baf785e7629&ref=https%253A%252F%252Fcertified-domain.cloudsurveillance.net%252F	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722?turnstile=0.SJVdzMrLaabawR3LwkQcMFBdws1IqH9TUW6LAxmmUhiAzDAN2NBo4WA3s5fGmqvZMy3P759dFHUU3sMvJYkaxhqWzcQU1Gib00f3OHMPcriqHoy7Q128TT5qX7e5BN-5dk-he7loIfjJBhkjnspfgt5RBH6GN5kATZi_cb3PXWm0KRcguMLh1BbzWkl9ykRWhKXTsRTPyP18Z99ivlUVbGWPbtUC2AnUzXLbEpJmGmsbU4Lkk-yIRHbu5jSgvy0iT0mEEo4WWtXNbONSBvVf1OmeUGqG--c0Z9YTm45wyWKsOJ1rpBy1A80SUZMHfEsDnyNDNmR-ufXnZg1iIQmFWzmUHcb1v8j_N_QMO6dS_Jwpgysx_gUuRoj1xu15ghRmE_eRzutDoD13bmy68at8IvIw0Uzz27xqQyCRNmF9xiJlWBmwR2Lk6J_xiJe81HuO.mVvw1ehDSsmIDXRjI9a-Lw.3028c9a87836b37535db85194ef6b8126bb688016e416d791d2b9baf785e7629&ref=https%253A%252F%252Fcertified-domain.cloudsurveillance.net%252F	HTTP Parser: No favicon

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="author".. found
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="author".. found
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="author".. found

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="copyright".. found
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="copyright".. found
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.144:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49778 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.17:49717 -> 1.1.1.1:53

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 151.101.64.217 151.101.64.217
Source: Joe Sandbox View	IP Address: 146.75.118.109 146.75.118.109
Source: Joe Sandbox View	IP Address: 151.101.192.217 151.101.192.217
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SbBg58W+xeamAoo&MD=W21fK6dr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /c361b6b574eaf9adb2fe8b6265ab571605542f7f HTTP/1.1Host: service-noreply.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9eeaa59b-909b-44da-89eb-fd0d929d008c HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /js/external/jquery-3.3.1.min.js HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpsWElxcGhidHNxWTVmRUFrRFlIZFE9PSIsInZhbHVlIjoiS0pkQVJIMmpRT0RBS3FML1JGRytZZ3ZVR0RxaFV6QWpPcTZQWUptVTRqUC9sK2dzVGVwaVp3aS9YYnRRUkNobjF4MW5mVFVkR0ZCemE4NHFYU2k0cFhyeDZ3WklLQWZNQTJ6THNwNVpSV1o5QldKbW1HbDJwTFRReEVZRXZmdDQiLCJtYWMiOiJhNjdlMGEyNzMxMGZiMzU1ZTE5ZDIyNmFjODQ2YWE4YmNlNGU0NGMwMjU5NDYyNmU1ZTBjNmZhZGI5ZTFjNjFhIiwidGFnIjoiIn0%3D; bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA
Source: global traffic	HTTP traffic detected: GET /js/external/popper.min.js HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpsWElxcGhidHNxWTVmRUFrRFlIZFE9PSIsInZhbHVlIjoiS0pkQVJIMmpRT0RBS3FML1JGRytZZ3ZVR0RxaFV6QWpPcTZQWUptVTRqUC9sK2dzVGVwaVp3aS9YYnRRUkNobjF4MW5mVFVkR0ZCemE4NHFYU2k0cFhyeDZ3WklLQWZNQTJ6THNwNVpSV1o5QldKbW1HbDJwTFRReEVZRXZmdDQiLCJtYWMiOiJhNjdlMGEyNzMxMGZiMzU1ZTE5ZDIyNmFjODQ2YWE4YmNlNGU0NGMwMjU5NDYyNmU1ZTBjNmZhZGI5ZTFjNjFhIiwidGFnIjoiIn0%3D; bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA
Source: global traffic	HTTP traffic detected: GET /js/external/bootstrap.min.js HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpsWElxcGhidHNxWTVmRUFrRFlIZFE9PSIsInZhbHVlIjoiS0pkQVJIMmpRT0RBS3FML1JGRytZZ3ZVR0RxaFV6QWpPcTZQWUptVTRqUC9sK2dzVGVwaVp3aS9YYnRRUkNobjF4MW5mVFVkR0ZCemE4NHFYU2k0cFhyeDZ3WklLQWZNQTJ6THNwNVpSV1o5QldKbW1HbDJwTFRReEVZRXZmdDQiLCJtYWMiOiJhNjdlMGEyNzMxMGZiMzU1ZTE5ZDIyNmFjODQ2YWE4YmNlNGU0NGMwMjU5NDYyNmU1ZTBjNmZhZGI5ZTFjNjFhIiwidGFnIjoiIn0%3D; bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA
Source: global traffic	HTTP traffic detected: GET /js/external/vimeo.min.js HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpsWElxcGhidHNxWTVmRUFrRFlIZFE9PSIsInZhbHVlIjoiS0pkQVJIMmpRT0RBS3FML1JGRytZZ3ZVR0RxaFV6QWpPcTZQWUptVTRqUC9sK2dzVGVwaVp3aS9YYnRRUkNobjF4MW5mVFVkR0ZCemE4NHFYU2k0cFhyeDZ3WklLQWZNQTJ6THNwNVpSV1o5QldKbW1HbDJwTFRReEVZRXZmdDQiLCJtYWMiOiJhNjdlMGEyNzMxMGZiMzU1ZTE5ZDIyNmFjODQ2YWE4YmNlNGU0NGMwMjU5NDYyNmU1ZTBjNmZhZGI5ZTFjNjFhIiwidGFnIjoiIn0%3D; bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAad2EE00hv9%2B3VQIdgEwOqPMsv2tiH5XFm1vo0DuND9DV8CE3tcN%2BRx0YrnYEWh6fMXQAbAQSTBvbLxMCIHIK87MAgFwjuPzELp9r5dSz2/%2BY9K0DMk6NLGaj3LQs%2BqyfvkLNp3%2BCqSyeClXAsNFO%2BPTsETB8LAMT3ar5ImhYwYqWtc5EI%2BkWYy7BadA2W5XJ2EO2gwhA9TKiLkCjYwMvjxcHGNoGmPK/EA6bbfRfddOnoSGk0v43%2BdYQWMd3tTrjRDw97scwXbTZRfzpG2Lki1yW3W1xeVIkE/ELDnc3OtWjRHti0Z2IiFg3DuvW5y/aYwn94n4biQ2ocQeehFmNFQDZgAACKQMqZ0DB8saqAESC62n9WbS9l2iIhCan%2B4kLlErxXGttsAr0EGOZq2FzrPLG4mVPC1GVwlRYiAM6RJhYHE0bsgdLMPrbCBIcwf7EEs9SO36XeFcMwNPhFA6w7sJuJOnBGfNeg4te8ML49TqQnuub3n2LsHQwa6zGTCjqqC9DaxMaw6%2BkRVB9zHgorLPfbNFfjljk616OKEiOTLE%2Br0QJ%2BhhRRyS8qIdGbuMF3jE7vvBYV3BM9%2B0IeApMhPqY3KtM2csTmw8ljJVm3%2Bq%2B1QlWMSdvt3VxmQgP9tfyjGju/IH6WoEYenR4rZO4hs6M6P8jyTwttK/eiMt5KMETBsZibLkXyHO7o2DhfCYeSDTMpaYshctVbZmCi2u45mNgyN7pa/eEndVKrxrJGPTdjOy2%2B0Lga/WKHjDer9S/nBSdb7jusdy2xYBnpUsJgtCmy7NN0HdqSVXypfHOrBQTgNOzaXAnSqBDE0oPvTC/6IIRHqFhISVInJLZ7vdO7kymee7SYUFxmxymb6R7D%2BqczwSvMgQ8Hh4mFCwQYayUII3ovq%2B7WhhSvMRyM9VJMfIceGL6pbd1wE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1720020886User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 1FDCDDA7E56743DEB8C9199704826469X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=turnstileLoad HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/d2a97f6b6ec9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ck50f/0x4AAAAAAAbaszMygKLnGbeo/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7f12a3b46330c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ck50f/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ck50f/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7f1342b040f83 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; XSRF-TOKEN=eyJpdiI6IjJUV2RrdWhySlJyRlZvZ014VGsxamc9PSIsInZhbHVlIjoiNm0za1l0dWVxcUduWVlUOGVOc21kdGxhRzhQU3pwVXhldFJacHRJK3BtMGlDa3hUM1NmQW9McnRJeDVQS2tvUUhkcTE0MHg2WjJDTm54Wkd2ME40bVdGdDZqU0tjazJ5bmRIb3JyanA2dXR4UjIrbHJQQ29CZnREREVvMnE5VTkiLCJtYWMiOiJlMmM3ZDc0ZDlmYmM1NjgzODJhOTM0NTkzZjcxYTE0MTE1NjU2OWM0NGVhMmJiNTk4MDRjNzkxNmRmM2I2OTY5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; XSRF-TOKEN=eyJpdiI6IjJUV2RrdWhySlJyRlZvZ014VGsxamc9PSIsInZhbHVlIjoiNm0za1l0dWVxcUduWVlUOGVOc21kdGxhRzhQU3pwVXhldFJacHRJK3BtMGlDa3hUM1NmQW9McnRJeDVQS2tvUUhkcTE0MHg2WjJDTm54Wkd2ME40bVdGdDZqU0tjazJ5bmRIb3JyanA2dXR4UjIrbHJQQ29CZnREREVvMnE5VTkiLCJtYWMiOiJlMmM3ZDc0ZDlmYmM1NjgzODJhOTM0NTkzZjcxYTE0MTE1NjU2OWM0NGVhMmJiNTk4MDRjNzkxNmRmM2I2OTY5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/241012880:1720015859:kkF0OCqmMSLGEktS3D8RisR-2HYCyCkcz2JvdKGWaV4/89d7f1342b040f83/cb9c1cbf7db5b2d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d7f1342b040f83/1720020894751/ZkI2jQcLRdkWedY HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d7f1342b040f83/1720020894751/ZkI2jQcLRdkWedY HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/89d7f1342b040f83/1720020894753/ea1770138270f94d94067ed79291a2ddd5bbccbd6cd6051a50b978c42caaa22b/ft-3sMJRFkk54_n HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/241012880:1720015859:kkF0OCqmMSLGEktS3D8RisR-2HYCyCkcz2JvdKGWaV4/89d7f1342b040f83/cb9c1cbf7db5b2d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/4.34.4/js/player.module.js HTTP/1.1Host: f.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://player.vimeo.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/4.34.4/js/vendor.module.js HTTP/1.1Host: f.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://player.vimeo.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=80&q=85 HTTP/1.1Host: i.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/4.34.4/css/player.css HTTP/1.1Host: f.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=80&q=85 HTTP/1.1Host: i.vimeocdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js_opt/modules/utils/vuid.min.js HTTP/1.1Host: f.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d HTTP/1.1Host: i.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d HTTP/1.1Host: i.vimeocdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9eeaa59b-909b-44da-89eb-fd0d929d008c HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; XSRF-TOKEN=eyJpdiI6IjJUV2RrdWhySlJyRlZvZ014VGsxamc9PSIsInZhbHVlIjoiNm0za1l0dWVxcUduWVlUOGVOc21kdGxhRzhQU3pwVXhldFJacHRJK3BtMGlDa3hUM1NmQW9McnRJeDVQS2tvUUhkcTE0MHg2WjJDTm54Wkd2ME40bVdGdDZqU0tjazJ5bmRIb3JyanA2dXR4UjIrbHJQQ29CZnREREVvMnE5VTkiLCJtYWMiOiJlMmM3ZDc0ZDlmYmM1NjgzODJhOTM0NTkzZjcxYTE0MTE1NjU2OWM0NGVhMmJiNTk4MDRjNzkxNmRmM2I2OTY5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SbBg58W+xeamAoo&MD=W21fK6dr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=700&mh=394 HTTP/1.1Host: i.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=700&mh=394 HTTP/1.1Host: i.vimeocdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /submit/c361b6b574eaf9adb2fe8b6265ab571605542f7f HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; XSRF-TOKEN=eyJpdiI6InI1dDJkNERybk41bFlSSDcwcGFML2c9PSIsInZhbHVlIjoiTWhnbENUWnVqQ09qN3F5THlWY25XQ2F1YWgzejRhdlBRZFNlMzVJTnozZm9VeWRzVEI1UG5ZZEtnQklxeTZWd2tjVjlZTC8xbmxGTi9XeEUvVE54YXRYU1RhNExEbVdvVVVTZUFBRXJxV2lrWk9pSnJ4aG1rZTVOcWhUVEQramEiLCJtYWMiOiI2ZjYzYmNmMGFjYTkzNTBmYmYwNDc4NDI4MmVkZDllNDM1MTdiNTk1ZjEzYzJjYTRkN2IxMGFlZThlNWFjMDQyIiwidGFnIjoiIn0%3D

Source: global traffic	DNS traffic detected: DNS query: service-noreply.info
Source: global traffic	DNS traffic detected: DNS query: certified-domain.cloudsurveillance.net
Source: global traffic	DNS traffic detected: DNS query: player.vimeo.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: fresnel.vimeocdn.com
Source: global traffic	DNS traffic detected: DNS query: i.vimeocdn.com
Source: global traffic	DNS traffic detected: DNS query: f.vimeocdn.com
Source: global traffic	DNS traffic detected: DNS query: vimeo.com
Source: global traffic	DNS traffic detected: DNS query: vod-adaptive-ak.vimeocdn.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4722Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:34:55 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: rbI9sZfX92KrwstTtX79zA==$5NzBFdJ4SLjsgfoGxIkhRg==Server: cloudflareCF-RAY: 89d7f146094943f7-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:35:00 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: aEEiJGD4oamRbGAbXirc9g==$iU9xeC5Nj3LnhqsGZ1TzJw==Server: cloudflareCF-RAY: 89d7f1612eab8c1d-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:35:32 GMTContent-Type: application/jsonTransfer-Encoding: chunkedConnection: closeServer: nginxCache-Control: no-cache, privateSet-Cookie: XSRF-TOKEN=eyJpdiI6IklMSmNKV21xa3dIdDZvU2JQODVGbXc9PSIsInZhbHVlIjoicEhkM2hGcVlOSUQ5R21xVEs1NXdQTmRORFpUZ2RjaitWWnVZUVBiQklYNUZ5emZGN1ZFMUE5ZmhRQmduMFBvSytnYjY3Q2haN0VDTkpXQkMrbFdNblJrQ0JHbVcwQWt3b04ydTNaOHovQ3dpSW9RR09BUngyNWptWW5ydFZvRXciLCJtYWMiOiI3YjZkYzE0NTljZGNjYTRmOGE4NTE1ZjYxMTg0Yzg5NzE0MTFjOGJhZjU0NTRmYTcyZjE1NTBlYzFmZDJlZjRhIiwidGFnIjoiIn0%3D; expires=Wed, 03 Jul 2024 17:35:32 GMT; Max-Age=7200; path=/; samesite=laxSet-Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; expires=Wed, 03 Jul 2024 17:35:32 GMT; Max-Age=7200; path=/; httponly; samesite=lax

Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.aadrm.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.cortana.ai
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.office.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.onedrive.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.scheduler.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://app.powerbi.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://augloop.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cdn.entity.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net/js/external/bootstrap.min.js
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net/js/external/jquery-3.3.1.min.js
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net/js/external/popper.min.js
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net/js/external/vimeo.min.js
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://config.edge.skype.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cortana.ai
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cortana.ai/api
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cr.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://d.docs.live.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://directory.services.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ecs.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://graph.windows.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://graph.windows.net/
Source: chromecache_113.8.dr	String found in binary or memory: https://help.vimeo.com/hc/en-us/articles/115015677227-Troubleshoot-player-error-messages
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://invites.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.windows.local
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://management.azure.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://management.azure.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officeapps.live.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://onedrive.live.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: chromecache_113.8.dr, chromecache_114.8.dr	String found in binary or memory: https://player.vimeo.com/NOTICE.txt
Source: chromecache_119.8.dr	String found in binary or memory: https://player.vimeo.com/video/316118722
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: Service Desk - Please verify your Account!.eml	String found in binary or memory: https://service-noreply.info/c361b6b574eaf9adb2fe8b6265a=
Source: ~WRS{EAD067EE-9D7C-4A6D-9437-94F317187D02}.tmp.0.dr	String found in binary or memory: https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
Source: Service Desk - Please verify your Account!.eml	String found in binary or memory: https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f=
Source: Service Desk - Please verify your Account!.eml	String found in binary or memory: https://service-noreply.info/image/c361b6b574eaf9adb2fe8b6265ab=
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://service.powerapps.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://settings.outlook.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://substrate.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: Service Desk - Please verify your Account!.eml	String found in binary or memory: https://support.zendesk1.com/auth/v2/login/signin?retu=
Source: ~WRS{EAD067EE-9D7C-4A6D-9437-94F317187D02}.tmp.0.dr	String found in binary or memory: https://support.zendesk1.com/auth/v2/login/signin?return_to=https%3A%2F%2Fsupport.zendesk.com%2F&the
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://tasks.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: chromecache_105.8.dr	String found in binary or memory: https://vimeo.com/
Source: chromecache_117.8.dr	String found in binary or memory: https://vimeo.com/ablincoln/vuid
Source: chromecache_105.8.dr	String found in binary or memory: https://vimeo.com/api/oembed.json?url=
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.144:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49778 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.winEML@29/68@30/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1134240707-5980.etl

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Service Desk - Please verify your Account!.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4DB382AA-9CF7-4B0F-B694-AFE8613678B8" "DCFA8FFF-E2DF-40B9-8F92-B340B9B00730" "5980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1964,i,16825308507331499111,4604762926170312255,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1876,i,4678980704979854347,7524290499172280703,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4DB382AA-9CF7-4B0F-B694-AFE8613678B8" "DCFA8FFF-E2DF-40B9-8F92-B340B9B00730" "5980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1964,i,16825308507331499111,4604762926170312255,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1876,i,4678980704979854347,7524290499172280703,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.208.118.114	service-noreply.info	United States	14618	AMAZON-AESUS	false
151.101.64.217	unknown	United States	54113	FASTLYUS	false
146.75.118.109	vimeo-video.map.fastly.net	Sweden	30051	SCCGOVUS	false
151.101.192.217	vimeo.map.fastly.net	United States	54113	FASTLYUS	false
34.120.202.204	fresnel.vimeocdn.com	United States	15169	GOOGLEUS	false
44.193.44.29	unknown	United States	14618	AMAZON-AESUS	false
34.225.136.154	certified-domain.cloudsurveillance.net	United States	14618	AMAZON-AESUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.4

Contacted Domains

Name	IP	Active
vimeo.map.fastly.net	151.101.192.217	true
fresnel.vimeocdn.com	34.120.202.204	true
certified-domain.cloudsurveillance.net	34.225.136.154	true
challenges.cloudflare.com	104.17.2.184	true
www.google.com	142.250.186.100	true
service-noreply.info	18.208.118.114	true
vimeo.com	162.159.138.60	true
vimeo-video.map.fastly.net	146.75.118.109	true
vod-adaptive-ak.vimeocdn.com	unknown	unknown
f.vimeocdn.com	unknown	unknown
player.vimeo.com	unknown	unknown
i.vimeocdn.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ck50f/0x4AAAAAAAbaszMygKLnGbeo/auto/normal	false	Avira URL Cloud: safe	unknown
https://f.vimeocdn.com/p/4.34.4/js/vendor.module.js	false	Avira URL Cloud: safe	unknown
https://f.vimeocdn.com/p/4.34.4/css/player.css	false	Avira URL Cloud: safe	unknown
https://certified-domain.cloudsurveillance.net/js/external/vimeo.min.js	true	Avira URL Cloud: phishing	unknown
https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=turnstileLoad	false	Avira URL Cloud: safe	unknown
https://certified-domain.cloudsurveillance.net/js/external/popper.min.js	true	Avira URL Cloud: phishing	unknown
https://certified-domain.cloudsurveillance.net/c361b6b574eaf9adb2fe8b6265ab571605542f7f	true	Avira URL Cloud: phishing	unknown
https://i.vimeocdn.com/video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=700&mh=394	false	Avira URL Cloud: safe	unknown
https://fresnel.vimeocdn.com/add/player-stats?beacon=1&session-id=f97555e92db49319d4f7d300d8a8277c8aa00ec11720020900	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	URL Reputation: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/89d7f1342b040f83/1720020894751/ZkI2jQcLRdkWedY	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7f12a3b46330c	false	Avira URL Cloud: safe	unknown
https://certified-domain.cloudsurveillance.net/js/external/bootstrap.min.js	true	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7f1342b040f83	false	Avira URL Cloud: safe	unknown

AV Detection

Antivirus detection for URL or domain

Source: https://certified-domain.cloudsurveillance.net/js/external/vimeo.min.js	Avira URL Cloud: Label: phishing
Source: https://certified-domain.cloudsurveillance.net/js/external/popper.min.js	Avira URL Cloud: Label: phishing
Source: https://certified-domain.cloudsurveillance.net/c361b6b574eaf9adb2fe8b6265ab571605542f7f	Avira URL Cloud: Label: phishing
Source: https://certified-domain.cloudsurveillance.net	Avira URL Cloud: Label: phishing
Source: https://certified-domain.cloudsurveillance.net/js/external/bootstrap.min.js	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://certified-domain.cloudsurveillance.net	LLM: Score: 8 brands: Reasons: The URL 'https://certified-domain.cloudsurveillance.net' is suspicious due to the use of a subdomain and a non-standard top-level domain (TLD) which is often used in phishing attacks. The webpage prominently features a login form asking for email and password without any branding or additional context, which is a common tactic in phishing sites. The lack of a CAPTCHA further raises suspicion as legitimate sites often use CAPTCHA to prevent automated attacks. The domain 'cloudsurveillance.net' does not correspond to any well-known brand, and the use of 'certified-domain' as a subdomain is a social engineering technique to mislead users into thinking the site is legitimate. Therefore, based on these observations, the site is likely a phishing site. DOM: 0.0.pages.csv
Source: https://player.vimeo.com	LLM: Score: 7 brands: Vimeo Reasons: The URL 'https://player.vimeo.com' appears to be a legitimate subdomain of Vimeo, a well-known video hosting platform. However, the login form displayed in the image does not match the typical design and branding of Vimeo's login pages. The form is generic and lacks any branding or logos that would typically be present on a legitimate Vimeo login page. This discrepancy, combined with the presence of a prominent login form, suggests the use of social engineering techniques to mislead users into entering their credentials. Therefore, despite the legitimate-looking URL, the site is likely a phishing site. DOM: 3.4.pages.csv

Yara detected HtmlPhish57

Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.8.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_119, type: DROPPED

Found iframes

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: Iframe src: https://player.vimeo.com/video/316118722
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: Iframe src: https://player.vimeo.com/video/316118722
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: Iframe src: https://player.vimeo.com/video/316118722

HTML body contains low number of good links

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal

HTML title does not match URL

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c

HTTP Parser: Title: does not match URL

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c

HTTP Parser: <input type="password" .../> found

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No favicon
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No favicon
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722?turnstile=0.SJVdzMrLaabawR3LwkQcMFBdws1IqH9TUW6LAxmmUhiAzDAN2NBo4WA3s5fGmqvZMy3P759dFHUU3sMvJYkaxhqWzcQU1Gib00f3OHMPcriqHoy7Q128TT5qX7e5BN-5dk-he7loIfjJBhkjnspfgt5RBH6GN5kATZi_cb3PXWm0KRcguMLh1BbzWkl9ykRWhKXTsRTPyP18Z99ivlUVbGWPbtUC2AnUzXLbEpJmGmsbU4Lkk-yIRHbu5jSgvy0iT0mEEo4WWtXNbONSBvVf1OmeUGqG--c0Z9YTm45wyWKsOJ1rpBy1A80SUZMHfEsDnyNDNmR-ufXnZg1iIQmFWzmUHcb1v8j_N_QMO6dS_Jwpgysx_gUuRoj1xu15ghRmE_eRzutDoD13bmy68at8IvIw0Uzz27xqQyCRNmF9xiJlWBmwR2Lk6J_xiJe81HuO.mVvw1ehDSsmIDXRjI9a-Lw.3028c9a87836b37535db85194ef6b8126bb688016e416d791d2b9baf785e7629&ref=https%253A%252F%252Fcertified-domain.cloudsurveillance.net%252F	HTTP Parser: No favicon
Source: https://player.vimeo.com/video/316118722?turnstile=0.SJVdzMrLaabawR3LwkQcMFBdws1IqH9TUW6LAxmmUhiAzDAN2NBo4WA3s5fGmqvZMy3P759dFHUU3sMvJYkaxhqWzcQU1Gib00f3OHMPcriqHoy7Q128TT5qX7e5BN-5dk-he7loIfjJBhkjnspfgt5RBH6GN5kATZi_cb3PXWm0KRcguMLh1BbzWkl9ykRWhKXTsRTPyP18Z99ivlUVbGWPbtUC2AnUzXLbEpJmGmsbU4Lkk-yIRHbu5jSgvy0iT0mEEo4WWtXNbONSBvVf1OmeUGqG--c0Z9YTm45wyWKsOJ1rpBy1A80SUZMHfEsDnyNDNmR-ufXnZg1iIQmFWzmUHcb1v8j_N_QMO6dS_Jwpgysx_gUuRoj1xu15ghRmE_eRzutDoD13bmy68at8IvIw0Uzz27xqQyCRNmF9xiJlWBmwR2Lk6J_xiJe81HuO.mVvw1ehDSsmIDXRjI9a-Lw.3028c9a87836b37535db85194ef6b8126bb688016e416d791d2b9baf785e7629&ref=https%253A%252F%252Fcertified-domain.cloudsurveillance.net%252F	HTTP Parser: No favicon

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="author".. found
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="author".. found
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="author".. found

Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="copyright".. found
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="copyright".. found
Source: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.144:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49778 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.17:49717 -> 1.1.1.1:53

HTTP GET or POST without a user agent

Source: global traffic

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 151.101.64.217 151.101.64.217
Source: Joe Sandbox View	IP Address: 146.75.118.109 146.75.118.109
Source: Joe Sandbox View	IP Address: 151.101.192.217 151.101.192.217
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SbBg58W+xeamAoo&MD=W21fK6dr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /c361b6b574eaf9adb2fe8b6265ab571605542f7f HTTP/1.1Host: service-noreply.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9eeaa59b-909b-44da-89eb-fd0d929d008c HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /js/external/jquery-3.3.1.min.js HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpsWElxcGhidHNxWTVmRUFrRFlIZFE9PSIsInZhbHVlIjoiS0pkQVJIMmpRT0RBS3FML1JGRytZZ3ZVR0RxaFV6QWpPcTZQWUptVTRqUC9sK2dzVGVwaVp3aS9YYnRRUkNobjF4MW5mVFVkR0ZCemE4NHFYU2k0cFhyeDZ3WklLQWZNQTJ6THNwNVpSV1o5QldKbW1HbDJwTFRReEVZRXZmdDQiLCJtYWMiOiJhNjdlMGEyNzMxMGZiMzU1ZTE5ZDIyNmFjODQ2YWE4YmNlNGU0NGMwMjU5NDYyNmU1ZTBjNmZhZGI5ZTFjNjFhIiwidGFnIjoiIn0%3D; bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA
Source: global traffic	HTTP traffic detected: GET /js/external/popper.min.js HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpsWElxcGhidHNxWTVmRUFrRFlIZFE9PSIsInZhbHVlIjoiS0pkQVJIMmpRT0RBS3FML1JGRytZZ3ZVR0RxaFV6QWpPcTZQWUptVTRqUC9sK2dzVGVwaVp3aS9YYnRRUkNobjF4MW5mVFVkR0ZCemE4NHFYU2k0cFhyeDZ3WklLQWZNQTJ6THNwNVpSV1o5QldKbW1HbDJwTFRReEVZRXZmdDQiLCJtYWMiOiJhNjdlMGEyNzMxMGZiMzU1ZTE5ZDIyNmFjODQ2YWE4YmNlNGU0NGMwMjU5NDYyNmU1ZTBjNmZhZGI5ZTFjNjFhIiwidGFnIjoiIn0%3D; bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA
Source: global traffic	HTTP traffic detected: GET /js/external/bootstrap.min.js HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpsWElxcGhidHNxWTVmRUFrRFlIZFE9PSIsInZhbHVlIjoiS0pkQVJIMmpRT0RBS3FML1JGRytZZ3ZVR0RxaFV6QWpPcTZQWUptVTRqUC9sK2dzVGVwaVp3aS9YYnRRUkNobjF4MW5mVFVkR0ZCemE4NHFYU2k0cFhyeDZ3WklLQWZNQTJ6THNwNVpSV1o5QldKbW1HbDJwTFRReEVZRXZmdDQiLCJtYWMiOiJhNjdlMGEyNzMxMGZiMzU1ZTE5ZDIyNmFjODQ2YWE4YmNlNGU0NGMwMjU5NDYyNmU1ZTBjNmZhZGI5ZTFjNjFhIiwidGFnIjoiIn0%3D; bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA
Source: global traffic	HTTP traffic detected: GET /js/external/vimeo.min.js HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpsWElxcGhidHNxWTVmRUFrRFlIZFE9PSIsInZhbHVlIjoiS0pkQVJIMmpRT0RBS3FML1JGRytZZ3ZVR0RxaFV6QWpPcTZQWUptVTRqUC9sK2dzVGVwaVp3aS9YYnRRUkNobjF4MW5mVFVkR0ZCemE4NHFYU2k0cFhyeDZ3WklLQWZNQTJ6THNwNVpSV1o5QldKbW1HbDJwTFRReEVZRXZmdDQiLCJtYWMiOiJhNjdlMGEyNzMxMGZiMzU1ZTE5ZDIyNmFjODQ2YWE4YmNlNGU0NGMwMjU5NDYyNmU1ZTBjNmZhZGI5ZTFjNjFhIiwidGFnIjoiIn0%3D; bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAad2EE00hv9%2B3VQIdgEwOqPMsv2tiH5XFm1vo0DuND9DV8CE3tcN%2BRx0YrnYEWh6fMXQAbAQSTBvbLxMCIHIK87MAgFwjuPzELp9r5dSz2/%2BY9K0DMk6NLGaj3LQs%2BqyfvkLNp3%2BCqSyeClXAsNFO%2BPTsETB8LAMT3ar5ImhYwYqWtc5EI%2BkWYy7BadA2W5XJ2EO2gwhA9TKiLkCjYwMvjxcHGNoGmPK/EA6bbfRfddOnoSGk0v43%2BdYQWMd3tTrjRDw97scwXbTZRfzpG2Lki1yW3W1xeVIkE/ELDnc3OtWjRHti0Z2IiFg3DuvW5y/aYwn94n4biQ2ocQeehFmNFQDZgAACKQMqZ0DB8saqAESC62n9WbS9l2iIhCan%2B4kLlErxXGttsAr0EGOZq2FzrPLG4mVPC1GVwlRYiAM6RJhYHE0bsgdLMPrbCBIcwf7EEs9SO36XeFcMwNPhFA6w7sJuJOnBGfNeg4te8ML49TqQnuub3n2LsHQwa6zGTCjqqC9DaxMaw6%2BkRVB9zHgorLPfbNFfjljk616OKEiOTLE%2Br0QJ%2BhhRRyS8qIdGbuMF3jE7vvBYV3BM9%2B0IeApMhPqY3KtM2csTmw8ljJVm3%2Bq%2B1QlWMSdvt3VxmQgP9tfyjGju/IH6WoEYenR4rZO4hs6M6P8jyTwttK/eiMt5KMETBsZibLkXyHO7o2DhfCYeSDTMpaYshctVbZmCi2u45mNgyN7pa/eEndVKrxrJGPTdjOy2%2B0Lga/WKHjDer9S/nBSdb7jusdy2xYBnpUsJgtCmy7NN0HdqSVXypfHOrBQTgNOzaXAnSqBDE0oPvTC/6IIRHqFhISVInJLZ7vdO7kymee7SYUFxmxymb6R7D%2BqczwSvMgQ8Hh4mFCwQYayUII3ovq%2B7WhhSvMRyM9VJMfIceGL6pbd1wE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1720020886User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 1FDCDDA7E56743DEB8C9199704826469X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=turnstileLoad HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/d2a97f6b6ec9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ck50f/0x4AAAAAAAbaszMygKLnGbeo/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7f12a3b46330c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ck50f/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ck50f/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7f1342b040f83 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; XSRF-TOKEN=eyJpdiI6IjJUV2RrdWhySlJyRlZvZ014VGsxamc9PSIsInZhbHVlIjoiNm0za1l0dWVxcUduWVlUOGVOc21kdGxhRzhQU3pwVXhldFJacHRJK3BtMGlDa3hUM1NmQW9McnRJeDVQS2tvUUhkcTE0MHg2WjJDTm54Wkd2ME40bVdGdDZqU0tjazJ5bmRIb3JyanA2dXR4UjIrbHJQQ29CZnREREVvMnE5VTkiLCJtYWMiOiJlMmM3ZDc0ZDlmYmM1NjgzODJhOTM0NTkzZjcxYTE0MTE1NjU2OWM0NGVhMmJiNTk4MDRjNzkxNmRmM2I2OTY5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; XSRF-TOKEN=eyJpdiI6IjJUV2RrdWhySlJyRlZvZ014VGsxamc9PSIsInZhbHVlIjoiNm0za1l0dWVxcUduWVlUOGVOc21kdGxhRzhQU3pwVXhldFJacHRJK3BtMGlDa3hUM1NmQW9McnRJeDVQS2tvUUhkcTE0MHg2WjJDTm54Wkd2ME40bVdGdDZqU0tjazJ5bmRIb3JyanA2dXR4UjIrbHJQQ29CZnREREVvMnE5VTkiLCJtYWMiOiJlMmM3ZDc0ZDlmYmM1NjgzODJhOTM0NTkzZjcxYTE0MTE1NjU2OWM0NGVhMmJiNTk4MDRjNzkxNmRmM2I2OTY5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/241012880:1720015859:kkF0OCqmMSLGEktS3D8RisR-2HYCyCkcz2JvdKGWaV4/89d7f1342b040f83/cb9c1cbf7db5b2d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d7f1342b040f83/1720020894751/ZkI2jQcLRdkWedY HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d7f1342b040f83/1720020894751/ZkI2jQcLRdkWedY HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/89d7f1342b040f83/1720020894753/ea1770138270f94d94067ed79291a2ddd5bbccbd6cd6051a50b978c42caaa22b/ft-3sMJRFkk54_n HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/241012880:1720015859:kkF0OCqmMSLGEktS3D8RisR-2HYCyCkcz2JvdKGWaV4/89d7f1342b040f83/cb9c1cbf7db5b2d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/4.34.4/js/player.module.js HTTP/1.1Host: f.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://player.vimeo.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/4.34.4/js/vendor.module.js HTTP/1.1Host: f.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://player.vimeo.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=80&q=85 HTTP/1.1Host: i.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/4.34.4/css/player.css HTTP/1.1Host: f.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=80&q=85 HTTP/1.1Host: i.vimeocdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js_opt/modules/utils/vuid.min.js HTTP/1.1Host: f.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d HTTP/1.1Host: i.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d HTTP/1.1Host: i.vimeocdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /9eeaa59b-909b-44da-89eb-fd0d929d008c HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; XSRF-TOKEN=eyJpdiI6IjJUV2RrdWhySlJyRlZvZ014VGsxamc9PSIsInZhbHVlIjoiNm0za1l0dWVxcUduWVlUOGVOc21kdGxhRzhQU3pwVXhldFJacHRJK3BtMGlDa3hUM1NmQW9McnRJeDVQS2tvUUhkcTE0MHg2WjJDTm54Wkd2ME40bVdGdDZqU0tjazJ5bmRIb3JyanA2dXR4UjIrbHJQQ29CZnREREVvMnE5VTkiLCJtYWMiOiJlMmM3ZDc0ZDlmYmM1NjgzODJhOTM0NTkzZjcxYTE0MTE1NjU2OWM0NGVhMmJiNTk4MDRjNzkxNmRmM2I2OTY5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SbBg58W+xeamAoo&MD=W21fK6dr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=700&mh=394 HTTP/1.1Host: i.vimeocdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://player.vimeo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=700&mh=394 HTTP/1.1Host: i.vimeocdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /submit/c361b6b574eaf9adb2fe8b6265ab571605542f7f HTTP/1.1Host: certified-domain.cloudsurveillance.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; XSRF-TOKEN=eyJpdiI6InI1dDJkNERybk41bFlSSDcwcGFML2c9PSIsInZhbHVlIjoiTWhnbENUWnVqQ09qN3F5THlWY25XQ2F1YWgzejRhdlBRZFNlMzVJTnozZm9VeWRzVEI1UG5ZZEtnQklxeTZWd2tjVjlZTC8xbmxGTi9XeEUvVE54YXRYU1RhNExEbVdvVVVTZUFBRXJxV2lrWk9pSnJ4aG1rZTVOcWhUVEQramEiLCJtYWMiOiI2ZjYzYmNmMGFjYTkzNTBmYmYwNDc4NDI4MmVkZDllNDM1MTdiNTk1ZjEzYzJjYTRkN2IxMGFlZThlNWFjMDQyIiwidGFnIjoiIn0%3D

Source: global traffic	DNS traffic detected: DNS query: service-noreply.info
Source: global traffic	DNS traffic detected: DNS query: certified-domain.cloudsurveillance.net
Source: global traffic	DNS traffic detected: DNS query: player.vimeo.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: fresnel.vimeocdn.com
Source: global traffic	DNS traffic detected: DNS query: i.vimeocdn.com
Source: global traffic	DNS traffic detected: DNS query: f.vimeocdn.com
Source: global traffic	DNS traffic detected: DNS query: vimeo.com
Source: global traffic	DNS traffic detected: DNS query: vod-adaptive-ak.vimeocdn.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:34:55 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: rbI9sZfX92KrwstTtX79zA==$5NzBFdJ4SLjsgfoGxIkhRg==Server: cloudflareCF-RAY: 89d7f146094943f7-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:35:00 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: aEEiJGD4oamRbGAbXirc9g==$iU9xeC5Nj3LnhqsGZ1TzJw==Server: cloudflareCF-RAY: 89d7f1612eab8c1d-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:35:32 GMTContent-Type: application/jsonTransfer-Encoding: chunkedConnection: closeServer: nginxCache-Control: no-cache, privateSet-Cookie: XSRF-TOKEN=eyJpdiI6IklMSmNKV21xa3dIdDZvU2JQODVGbXc9PSIsInZhbHVlIjoicEhkM2hGcVlOSUQ5R21xVEs1NXdQTmRORFpUZ2RjaitWWnVZUVBiQklYNUZ5emZGN1ZFMUE5ZmhRQmduMFBvSytnYjY3Q2haN0VDTkpXQkMrbFdNblJrQ0JHbVcwQWt3b04ydTNaOHovQ3dpSW9RR09BUngyNWptWW5ydFZvRXciLCJtYWMiOiI3YjZkYzE0NTljZGNjYTRmOGE4NTE1ZjYxMTg0Yzg5NzE0MTFjOGJhZjU0NTRmYTcyZjE1NTBlYzFmZDJlZjRhIiwidGFnIjoiIn0%3D; expires=Wed, 03 Jul 2024 17:35:32 GMT; Max-Age=7200; path=/; samesite=laxSet-Cookie: bpid_lp_session=AAP2bipBG5bX1MEkGGNeQZ5AvPb5M2ymIipuSoiA; expires=Wed, 03 Jul 2024 17:35:32 GMT; Max-Age=7200; path=/; httponly; samesite=lax

Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.aadrm.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.cortana.ai
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.office.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.onedrive.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://api.scheduler.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://app.powerbi.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://augloop.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cdn.entity.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net/js/external/bootstrap.min.js
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net/js/external/jquery-3.3.1.min.js
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net/js/external/popper.min.js
Source: chromecache_119.8.dr	String found in binary or memory: https://certified-domain.cloudsurveillance.net/js/external/vimeo.min.js
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://config.edge.skype.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cortana.ai
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cortana.ai/api
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://cr.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://d.docs.live.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://directory.services.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ecs.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://graph.windows.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://graph.windows.net/
Source: chromecache_113.8.dr	String found in binary or memory: https://help.vimeo.com/hc/en-us/articles/115015677227-Troubleshoot-player-error-messages
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://invites.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.windows.local
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://management.azure.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://management.azure.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://messaging.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officeapps.live.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://onedrive.live.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: chromecache_113.8.dr, chromecache_114.8.dr	String found in binary or memory: https://player.vimeo.com/NOTICE.txt
Source: chromecache_119.8.dr	String found in binary or memory: https://player.vimeo.com/video/316118722
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: Service Desk - Please verify your Account!.eml	String found in binary or memory: https://service-noreply.info/c361b6b574eaf9adb2fe8b6265a=
Source: ~WRS{EAD067EE-9D7C-4A6D-9437-94F317187D02}.tmp.0.dr	String found in binary or memory: https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
Source: Service Desk - Please verify your Account!.eml	String found in binary or memory: https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f=
Source: Service Desk - Please verify your Account!.eml	String found in binary or memory: https://service-noreply.info/image/c361b6b574eaf9adb2fe8b6265ab=
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://service.powerapps.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://settings.outlook.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://substrate.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: Service Desk - Please verify your Account!.eml	String found in binary or memory: https://support.zendesk1.com/auth/v2/login/signin?retu=
Source: ~WRS{EAD067EE-9D7C-4A6D-9437-94F317187D02}.tmp.0.dr	String found in binary or memory: https://support.zendesk1.com/auth/v2/login/signin?return_to=https%3A%2F%2Fsupport.zendesk.com%2F&the
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://tasks.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: chromecache_105.8.dr	String found in binary or memory: https://vimeo.com/
Source: chromecache_117.8.dr	String found in binary or memory: https://vimeo.com/ablincoln/vuid
Source: chromecache_105.8.dr	String found in binary or memory: https://vimeo.com/api/oembed.json?url=
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: B526F1CD-9D11-4AF3-B061-3462913F8AB4.0.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.144:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49778 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.winEML@29/68@30/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1134240707-5980.etl

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Service Desk - Please verify your Account!.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4DB382AA-9CF7-4B0F-B694-AFE8613678B8" "DCFA8FFF-E2DF-40B9-8F92-B340B9B00730" "5980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1964,i,16825308507331499111,4604762926170312255,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1876,i,4678980704979854347,7524290499172280703,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4DB382AA-9CF7-4B0F-B694-AFE8613678B8" "DCFA8FFF-E2DF-40B9-8F92-B340B9B00730" "5980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1964,i,16825308507331499111,4604762926170312255,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1876,i,4678980704979854347,7524290499172280703,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1467097
Product:	CloudBasic
Start time:	17:33:53
Start date:	03.07.2024
Sample:	Service Desk - Please verify your Account!.eml
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	2ee1512b75a6eb7d0cfec26e59498a87
SHA1:	fcf3bfb4cdd0fe0632fcfd8cd5f6179bacf1befc
SHA256:	af32d2f5c0a94a306690a1aec136243fc3d9a525b20632d68101f1dda92a551b
Filetype:	Text - UTF-8 encoded (3003/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT	data	CFEC923501FF3792FA2322636CEE9282	7A9D0419B73ACF699C59570CBEBB610CD9B947AD	3489613CACEB0386624EEC4F2809161AF822E8621B363CA68A66D9A219EE4A19
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin	ASCII text, with very long lines (65536), with no line terminators	CC90D669144261B198DEAD45AA266572	EF164048A8BC8BD3A015CF63E78BDAC720071305	89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin	ASCII text, with no line terminators	1249CA201A85CD5F011BAD91FAC3483C	01920BDAFD0AF80D607C9D3EF238AD9028078147	3D56A36D17929E662CCA6FC03A8CF7D9131320C80C7E2D0FD054347D1427885C
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\B526F1CD-9D11-4AF3-B061-3462913F8AB4	XML 1.0 document, ASCII text, with CRLF line terminators	22CCAC486121FBACAD05988A5FD1BC06	2481A64F23B48500E6C178B14F9FF79329D39D66	E2A4B692770DA1BFCDFCB0DBADD07B369420DDEB16E838D50BA9006CC8C758E7
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm	data	575A3A6BD8B59FB805B734F109D495AF	9EC36646B9FCB29E40D6A90DFB950096394C9276	DF89FEEBC64643FCEFE869F3CABA3900FAD8BD46F8DEEC4C2DD5A4225900A28D
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal	SQLite Write-Ahead Log, version 3007000	B748E2E639F417FEB8964D9E5B73331C	CBA9B0FD08327F37BCBC46068455FBF37EA4FBF3	4EF9F2B170C26ED643C909E7E96AC4125B44347E412FDFDF4885443224665524
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8A767E77-70E3-446B-AA49-E5C8A08C1C63}.tmp	data	512547758B9AD18E774019D85AA750EE	3E28C96D42BE221E7A69AD54F12E5DDC0AAF90B6	EDF6BEB391D9D85723E648D9A4D7B2E2E469B2F34E73719D86759EF530C78755
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{EAD067EE-9D7C-4A6D-9437-94F317187D02}.tmp	data	99159DDD34E59F9DCFFA073B42ACC5DC	46DDCD8784E3C225D990D4498F60854F88FC4849	E18E6FF74F38A9616562CE7F8736B14AC0102854BBF90743D461B34EA6D9F4EF
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720020872003612300_788488EE-0110-416F-BC2C-501233654F4B.log	ASCII text, with very long lines (28799), with CRLF line terminators	7EED36601E359207FD677C3D1222620C	6AEEA8377C63340A355E4324136FDD82783046FB	8A57D428AEFB6097FDA85505C0AEB32D3E2C83F173903EFA9CFBF4B0E542F110
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720020872004348200_788488EE-0110-416F-BC2C-501233654F4B.log	data	8F4E33F3DC3E414FF94E5FB6905CBA8C	9674344C90C2F0646F0B78026E127C9B86E3AD77	CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1134240707-5980.etl	data	6345C416B311C6BD4D5B851ED111823D	B3ED6B2E16D0B48AFA4A9BE2CDCDF0AB11664C16	FC70F93946736AC01522C54CE71CF2C52103BD7E41CA3A8603277D96D8C8BC52
C:\Users\user\AppData\Local\Temp\msoB5DD.tmp	GIF image data, version 89a, 15 x 15	ED3C1C40B68BA4F40DB15529D5443DEC	831AF99BB64A04617E0A42EA898756F9E0E0BCCA	039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
C:\Users\user\AppData\Local\Temp\~DF03D252FC0DEF7077.TMP	Composite Document File V2 Document, Cannot read section info	679672A5004E0AF50529F33DB5469699	427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0	205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21
C:\Users\user\AppData\Local\Temp\~DF062704B4AE1E5121.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl	data	048E2AB7D582E3738CD56124F419D66E	AEDCF8D507CC62E16DC9525F4F48163D67D9F14F	A2239FD340394DE29429DB758C975F2C5824B7E1D080C62E5E98BCB3DBD86091
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs	Composite Document File V2 Document, Cannot read section info	D86C9DB7D380D78CF82CD611DB9EBB97	BCC3395A7EDAB6DEA0A98234350991737992ACA4	49CBEACDF9CD8BF02C4D7FDAD54FAD95A21D24ABCBBA5CE9C5CCDF48B3FA48CE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	72D84F7F0FDBDA1DCD665BF4A1B5EAF3	804821B1A31697F19F8C9BCEBEA7A4A70E9ECE67	930F45133D2725D5842EFAD274A9B65B6F43FACCC463A704F3CB3CEC39E115FB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	6CD416E1638DDD1B23699107508E4FC7	DE79C7A98257F800B18A1EFDA798F5BCB718B15F	E4A46019882BB1DA50C5D12A1D617AAF396D48AC8AFAF3BBB3D382270F40150E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	27868772397FE51589498A4EF9252ACA	DBB79EDDDCB9A9FC0E40029F8E6BE83B9D231F02	AE144FC3166EC387DD275657A97DBCEF878A41B0E7448A8B0AAC2FD14023196A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	F5F1BF359F8D3A186448A5F2D904F1D3	36C3F5D9A740C248D0ACA4D3F15B5CE394A17308	377532AC6DD9CE0F839AFA7C3741686DC6CD0131E0E5FF65BFB7BB8F5312A8FE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	1BDD67C651140924433AE4848EA51917	B384A564DB463C45266BB4473AD3B9D1F8E27284	110F8BE82D60C46CBE993F8EA56F6C19CDA9F9B917D1DF1AC5B2CA552B955390
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	46B31950ACA64425A26DD8812055571B	BBCA77E18953AD890D3622F8D11D28CD83B04349	6CE5DF61706AACB0A332803D1B141D8A95615C3D6573366B6CD7E7FDB5C68642
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst	Microsoft Outlook email folder (>=2003)	64A16C449ACD1F3167831F2D12D4BDA4	8C48F1D98EF80DFE754236DCDD2E772F9F2211BA	CCFA8100B413D8DC09677877A2B9DD1FBFEB33FAB97472CAC55D747DB3D3444C
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp	data	BA5ADBF6CCD2D9CCE681D8BCFD7FAF6B	E9F231F04D429641E3AFD6115C6D1B413610BDB1	754656CFCD7A3EED0BEFE4B70CC2DE0784F3ED88B078D4A6F29AB027520F9019
Chrome Cache Entry: 100	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 101	ASCII text, with very long lines (2717)	05345F56355FA8421E88B29947743EF5	C2652FD719B401718457C94BC3292D3204699D00	A2BDD8CB01353D4ED2A9AB4C7D7C263225F6908AA875614D015A2F39956D9D73
Chrome Cache Entry: 102	ASCII text, with no line terminators	3C560E159387506A5D1BC9A088BC017C	AB8A05AB519E9A1DEDC740E540849CE0F3E2202A	2DD76014791AE57281D085C683F9631BF322513E069F863195A2CF77A962312C
Chrome Cache Entry: 103	PNG image data, 87 x 14, 8-bit/color RGB, non-interlaced	F690123F7D68AF49314AB4146A4CE5C9	6768A817D39C48FEF83C5ADD0EBBB8B4D9204081	2B43181C1F539DE5E0122A1EFAA07C1AEB438BBE3A311D0B8020268D5F485748
Chrome Cache Entry: 104	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x45, components 3	03766EB22AD176E272F2D2F6C5DD7F1C	0B241203F5589ACD7F0C79EFC9EC2DD033AF19AE	A29DF473C01A82F90F7B073809FDF8C387AFBFB76FB6EB9080EDFF21B16990A5
Chrome Cache Entry: 105	Unicode text, UTF-8 text, with very long lines (19095)	AB6382B12335C91B31C752FDB4174D5C	EF7F08821F4DD580ADCA4F121F90E6E45EC9C7DD	BECCBD3E79B2D41BEA5F3A0C7005810415D08F6224E7EAD28913A2F49E8B5125
Chrome Cache Entry: 106	Unicode text, UTF-8 text, with very long lines (65460)	9F264566D7DDD23FEF8ED4BEABE1860D	8D328100557AC78C587C60E5C4E8581A77442FD6	B99285911C88D18E1B2084CE286992FD5A2744C744F74969F8E52AB34FB625A8
Chrome Cache Entry: 107	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 108	ASCII text, with very long lines (42690)	985094F1486391033426C17505182792	D44FF6BEF2E3D9B2F6DEAA0170458B1AE39350D4	14B108C7F687C327D6AA759FD1D255A981D5D505B241B5B968B674E3BF50B2B9
Chrome Cache Entry: 109	ASCII text, with no line terminators	66EEC6BC0DDFE3CF8DDAD7021575856E	19FA6B34961D13B107F0227382FB8487EB985466	4D01709FCD599118652E3B27BD0CA97C802F832183D01F76A034755F2BC62FA3
Chrome Cache Entry: 110	ASCII text, with very long lines (3537)	F0A9F2F65F95B61810777606051EE17D	872BF131CB4BEFD0242339F072F2F9B9FBF8019F	9CDF2602AC04F7E2BED582D4299C73D464FC4AB069E3AD5A20EE2B6635A015B8
Chrome Cache Entry: 111	PNG image data, 87 x 14, 8-bit/color RGB, non-interlaced	F690123F7D68AF49314AB4146A4CE5C9	6768A817D39C48FEF83C5ADD0EBBB8B4D9204081	2B43181C1F539DE5E0122A1EFAA07C1AEB438BBE3A311D0B8020268D5F485748
Chrome Cache Entry: 112	ASCII text, with very long lines (65495)	C0659D2D4C3AC9F3300D7D2288C89774	04D39142D242B266813CD627CF7ACD692E323B6F	B0ED219E2AE68E620709D03151796E52B700BF997815C816EA715CB342C90C94
Chrome Cache Entry: 113	Unicode text, UTF-8 text, with very long lines (65447)	3267B3EB7E0AB720EC7C435C39A8F239	9C2AF26A3AE7B68C9B5DDCCD5CA7DCD721B24990	6043C3BAB7C8948DA583CFF3791B718FB028D3F0CA2ABB268ADBC2A39E780F2F
Chrome Cache Entry: 114	ASCII text, with very long lines (65457)	713D9494703B670C887CCBC43B50716E	71F33A42D305C67519674EC3B4B716886818CC7B	66D97952F292F372D0E40BBBE4F38DFA583AC509FBF7AC25A26E42F0A8CA476B
Chrome Cache Entry: 115	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x394, components 3	14011415CACDC684EC26224D1046A7AD	4DA802A8ECE94321A2C851F0EE51FE7755AEC92D	DAE60D705348A7D79E5F588C6E03187C7DDA039908D601FA08FE575E2EE4FD0B
Chrome Cache Entry: 116	ASCII text, with very long lines (47686)	12622C9A5FECE84F5B7EA1C815EA79FC	864786DD754E8890304B795357A019CFD362E0DF	67A0B97B9A3399B8AEF0EA8FD890D64D4487E84D509FC3F1812B974D61C5328E
Chrome Cache Entry: 117	ASCII text, with very long lines (1839)	83583A4061DDC27E8B6EE0DC269519CD	8B1C0ACC28729208F640473EB5D8FB82C4BA3E15	C051B8B5EB2A0AEF699780F15A449491868FAA6F8B39B684B5AE8F64F345B94A
Chrome Cache Entry: 118	ASCII text, with very long lines (18721), with no line terminators	61CF4CE3640873476C651FD4D5F11D3F	B473495A925E24B74F2A2D882FD34AB52A546A60	D9EC6C98A544F75A0DFB832DC7109E57FB1283F765741A4FE52D82B0DFD57A71
Chrome Cache Entry: 119	HTML document, ASCII text, with very long lines (523)	4777DF9751DAE2C02A65DD76C382C58F	271A83C33D6D84166639D985E80962F4AFF6F25F	8EAAF8D63814BCC9BE7FE7F47024F99669ABA6343F4CCAF0995908B13007B3AD
Chrome Cache Entry: 120	ISO Media, AVIF Image	B46C3918F85536BB3302D42F69FE81A1	87B7B9ACECC198191824E156DD9322ABD6802FCA	82C7DBB9FEAAC161D1E04FEF5E1629CC97438037AB6982CC89A9571825E4147C
Chrome Cache Entry: 121	ASCII text, with very long lines (1143)	B427175FA1078775EB792756E7B6D1E7	4C55C0233D3D9002B3449C025F97821F8BB8900D	EE147E859AD0F09AA50367974E38AB53E7C7054C4A51D400A7F45B0EB251454F
Chrome Cache Entry: 122	ISO Media, AVIF Image	A8DA261C3613D2E047E5C8D8205B99C5	68F66CE794D76C840AE279001069C2057880227B	AFC922EDE810FEB422DDD666824AAB7BFA5FCFB811622F122350C9192657C9CC
Chrome Cache Entry: 123	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3	A56FDF7602DE74B579D41F5F85B96BC1	D347772112D60ECED70B5265AD322D1CE4027A5C	679A4BD97597318EA98C410BAC837ED943E703AA25ACDFD87489F725A83BDB5A
Chrome Cache Entry: 99	ISO Media, AVIF Image	5F650A524CF12F89DAC64D4AADC1FF0E	9213B9488F045E2A02F5D28870B3D338F60636EB	779E0A6A54493671AB5091DED9CD5F5D50180008220C1B23E4B2ECBA473C3905

Windows Analysis Report
Service Desk - Please verify your Account!.eml

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report Service Desk - Please verify your Account!.eml

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Service Desk - Please verify your Account!.eml