Edit tour

Windows Analysis Report
(No subject) (90).eml

Overview

General Information

Sample name:	(No subject) (90).eml
Analysis ID:	1538719
MD5:	71afd3242fc290bf6847beb17263c551
SHA1:	a1f14c40abdce2e4e9b2b27b50c588b05a115ddc
SHA256:	e02650bed86b36ded4713048741d2d52d9ca5aed3096dd30d1ed76116393212f
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected landing page (webpage, office document or email)

AI detected potential phishing Email

Suspicious MSG / EML detected (based on various text indicators)

Detected suspicious crossdomain redirect

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 3112 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (90).eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 544 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "88BA60EF-D248-4381-B63E-717F78FE9EC4" "BD78D5FB-0AC4-4CDF-AC8B-FE207EE80AE5" "3112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1984,i,9039987064207983653,684999351343344289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

msedge.exe (PID: 3896 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0846ZJPU\email.mht MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7268 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1956,i,17295024196049019224,14762295267959612625,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

chrome.exe (PID: 3472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1200 --field-trial-handle=1992,i,17837752971670303683,2202200612718250401,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

msedge.exe (PID: 7296 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0846ZJPU\email.mht MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7552 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8632 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6540 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8652 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6732 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5464 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5148 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0846ZJPU\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Suspicious MSG / EML detected (based on various text indicators)

Source: MSG / EML

OCR Text: DocuSign Pending Contract Agreement Document is ready for hgillette@santaclaraca.gov VIEW COMPLETED DOCUMENT Confidential information intended only for the use of the individual or entity named above. If you have received this as error, please notify the sender immediately and delete from your email. Any unauthorized disclosure, copying, distribution, or use of the information contained in this fax is strictly prohibited. The information in this email is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee and/or not an intended addressee to this email, please do not copy, distribute or othenvise act on the email. If you have received the email in error, please contact the sender immediately and delete the email and any attachment in this email from your system. If you are not the intended recipient you must not copy this message or attachment or disclose the contents to any other person. The unauthorised use of this email may result in liability for breach of confidentiality, privilege or copyright. E-mail transmissions cannot be guaranteed to be secure or error-free as information could be intercepted, conupted, lost, destroyed, anive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission

Source: unknown	HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.101.66:443 -> 192.168.2.17:49771 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: gcc02.safelinks.protection.outlook.com to https://avbbr-rb3qaue3c.us22.list-manage.com/track/click?u=3cdf2d74abf222c6b4ae493d3&id=7094920e5c&e=c056d10030#hgillette@santaclaraca.gov#
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: link.mail.beehiiv.com to https://milesofsmilesfoundation.org/?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: gcc02.safelinks.protection.outlook.com to https://avbbr-rb3qaue3c.us22.list-manage.com/track/click?u=3cdf2d74abf222c6b4ae493d3&id=7094920e5c&e=c056d10030#hgillette@santaclaraca.gov#
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: link.mail.beehiiv.com to https://milesofsmilesfoundation.org/?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View	IP Address: 13.107.246.38 13.107.246.38
Source: Joe Sandbox View	IP Address: 104.18.68.40 104.18.68.40
Source: Joe Sandbox View	IP Address: 104.47.65.28 104.47.65.28

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=duZveDGKDdT+ygm&MD=4+SAO1DX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0 HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.viGU38YukUtIGED3xC-2FGZVVRTa8EQFrXUNq6P7v2HlSzf3J6EESK8xb0jfveQsEBZypXCaKcEhx5bb3L3ICkkhztNbCwiq1sFZKeng-2FI69YJzHKrsERxgWrKmR63SxJZ9KCLXcK4xUcWHfbfu5hevuQVFFNApx-2F8NGHiSPFzqe3-2BMAPnzXLXMjxF0o9e-2FvvW4JBD_2Rm0-2FS-2FJF-2BLH33iip41NYhQwe4HGorVV87kkY-2BZe-2BjYuS-2FBX3aFc1572-2FjYDbqEhZBU-2B1BLjshLrRtnmcIF6JcynI8pDqHRo5m1Xj-2FMj9PxI9xRRWwPvd8896vPxgCp61xoUzIBqcz5TAOihGDphxLBXyw5Eg7-2F5IBWE4VUjhfNJFOa6frl8Zto3ZQToQ3KwMu5aboIEADgZLVkPsSF7m0YRoX47natiyv0BOXToIW471V08sbfTDqhkPUqvTX-2FMZRkws5G-2BYiVkuEyx3pYhK-2Bw17GWDAE36jDfot-2F8UFq1HLsEjDW-2F-2BkGQ4yqCgNTsQSxhyWCxjGKn6teGhDZVl4oqgGFt2YXLiULX-2Fiq4-2Fco1MDzpqxXw-2F4tVWZGPBnNL984rImyAdJhDGx0N-2BNgXqdAACaqqwvVHw4x4J65gwn43gHrJshLRM7DzroSVH1srF HTTP/1.1Host: link.mail.beehiiv.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VywseXPF6DpmaP2KXF4TdJ6uz1pHJdo7SIzf64awZn_DsPwbF0Oii_eW16b6DjZW2yznOTlm_VxQeAWAuOcWr9enBdMY228AFVKEGaLo1DSnWlaxBThs2IAXfaAO1h0AxlKa5Znxy93x0I97CvvQ6KVcNCMVw4_g/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_82_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1730128911&P2=404&P3=2&P4=dPAPCeCU4n%2bvMAeY1OGLudYGfgHb%2b4GKjtlYXcqpW9fA2v6SyGlYlYB0rf1SQlgZN%2fC6NbXluDz%2bqLfq33rq9g%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: apwiqwA4KSjHpW6UnW1X/ASec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=duZveDGKDdT+ygm&MD=4+SAO1DX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0 HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.viGU38YukUtIGED3xC-2FGZVVRTa8EQFrXUNq6P7v2HlSzf3J6EESK8xb0jfveQsEBZypXCaKcEhx5bb3L3ICkkhztNbCwiq1sFZKeng-2FI69YJzHKrsERxgWrKmR63SxJZ9KCLXcK4xUcWHfbfu5hevuQVFFNApx-2F8NGHiSPFzqe3-2BMAPnzXLXMjxF0o9e-2FvvW4JBD_2Rm0-2FS-2FJF-2BLH33iip41NYhQwe4HGorVV87kkY-2BZe-2BjYuS-2FBX3aFc1572-2FjYDbqEhZBU-2B1BLjshLrRtnmcIF6JcynI8pDqHRo5m1Xj-2FMj9PxI9xRRWwPvd8896vPxgCp61xoUzIBqcz5TAOihGDphxLBXyw5Eg7-2F5IBWE4VUjhfNJFOa6frl8Zto3ZQToQ3KwMu5aboIEADgZLVkPsSF7m0YRoX47natiyv0BOXToIW471V08sbfTDqhkPUqvTX-2FMZRkws5G-2BYiVkuEyx3pYhK-2Bw17GWDAE36jDfot-2F8UFq1HLsEjDW-2F-2BkGQ4yqCgNTsQSxhyWCxjGKn6teGhDZVl4oqgGFt2YXLiULX-2Fiq4-2Fco1MDzpqxXw-2F4tVWZGPBnNL984rImyAdJhDGx0N-2BNgXqdAACaqqwvVHw4x4J65gwn43gHrJshLRM7DzroSVH1srF HTTP/1.1Host: link.mail.beehiiv.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=jqGF.szNHTlWcp2sVDTHR8loDXwuRhaGq_P2rX9XBsg-1729524102-1.0.1.1-23SR8_pMaAEzqaJTKDFHbZDcfyTPXF7CZq8hslTBhiCfuQcX4381zZJ7_WUhDCaGh0Z4XnUf1Gu4XrfYGLYXtQ
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAYAyRJ4NfJvl7VoKEBus9MYiSdlG9UeNomFvoYVP6pzR5llQfQaWgTsSVdpbYUPsLoSO5mM6vsCFljp0PYD3IQPfsB%2B8lapgE66V3LzTSS1Ja9c0M5T1HdL9BHChlRKeM1lqrO/5wbPVnTZthFi4mx/VygZXObhw%2Bh6joeJ8rGej5dpIIDNlsQDalxynI/YWKM2x7jx7Xb8o7g78Xf97oZmTimXrTyEqIdi3hwQWeYhnX6V9chAVot5Zt01b4nbpkiit0G55%2B1%2BjsBOme7MmSnUbmHPxUegNabV3I374EGSokp1HnMo7O0eJqTVjf87k9PP9WJFB/tdSJo2dWWn%2B/lcQZgAAECuYVYVfpFKqDptQ6Bt0CzywAcV8Rzz00tJ04SFwIGuF7kwjIZnjx00N2e/dYho26N5x%2Bj8sUfrs22pw4vE%2BzK%2B4HA7RqBivpLKTuU7YnBth6NFpjOiLZ05Jhj/DMbJhWK%2BzkcN%2BYX72zjxFvRQG03WxXB8FYwZXQ4ag2Ijm%2BBVmzKgz8ghNxa5eNhPD%2BDnIU5I3wlJKovpubtfmkPeJDO9vAla%2BgcdbBJ9om1YkLInmfSWLEcsB52jIFRsyTCxFLrKvdmevxUc%2B3y6FoUsTa0e9cH4SyN4tZ8cNglMhS8CiEFYz0r1Ipv7/RmbK2iFN5Y6z9oNqGwEKFZOguNU3acYHioP8VIj6yp4HvL1JeL1F8hTNie3hHFolfmyZ4K5Z1/fRemWKDieASg26PcqKT8TeLLW/cfGBi8GmAfnnoYIzwSPQ14XFYOQOfTFew0ojCj2UWw3plYRfUqoPXcd5adrm5kW18UyxcAe1/q72petydanLKz7xO7ifgRNV0o5gjgv2POZ8juNcZmWpu%2B%2BV4N6xwPRpRPS/LFe4yyH9MSslv6ibhgCs6VmxVApFmTiMiTMNS%2B54HbD6DjtnJN6Ck7kQetoB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1729524160User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 0DA3F1A288B5483EAEBB19D89088830DX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: email.mht.0.dr	String found in binary or memory: <https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2Fpages%2FWashington-DC%2FQuality-Trust-for-Individuals-with-Disabilities%2F127197883741&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288707137%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=zjMS1AdjXZ6lv1Uu%2BOORcv9tnIeOFW3MhtDFcf%2Bqctc%3D&reserved=0> Follow us on facebook equals www.facebook.com (Facebook)
Source: (No subject) (90).eml	String found in binary or memory: /gcc02.safelinks.protection.outlook.com/?url=3Dhttp%3A%2F%2Fwww.facebook.co= equals www.facebook.com (Facebook)
Source: email.mht.0.dr	String found in binary or memory: 2Fwww.facebook.com%2Fpages%2FWashington-DC%2FQuality-Trust-for-Individual= equals www.facebook.com (Facebook)
Source: (No subject) (90).eml	String found in binary or memory: Follow us on=A0facebook http://www.facebook.com/pages/Washington-DC/Qu= equals www.facebook.com (Facebook)
Source: ~WRS{9AF887E2-4FD2-4F2B-A752-8DE8B6F713E9}.tmp.0.dr	String found in binary or memory: HYPERLINK "https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2Fpages%2FWashington-DC%2FQuality-Trust-for-Individuals-with-Disabilities%2F127197883741&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288707137%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=zjMS1AdjXZ6lv1Uu%2BOORcv9tnIeOFW3MhtDFcf%2Bqctc%3D&reserved=0" \t "_blank" equals www.facebook.com (Facebook)
Source: email.mht.0.dr	String found in binary or memory: originalsrc=3D"http://www.facebook.com/pages/Washington-DC/Quality-Trust-= equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: gcc02.safelinks.protection.outlook.com
Source: global traffic	DNS traffic detected: DNS query: avbbr-rb3qaue3c.us22.list-manage.com
Source: global traffic	DNS traffic detected: DNS query: link.mail.beehiiv.com
Source: global traffic	DNS traffic detected: DNS query: milesofsmilesfoundation.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: (No subject) (90).eml, email.mht.0.dr	String found in binary or memory: http://www.dcqualitytrust.org/
Source: (No subject) (90).eml	String found in binary or memory: https://Wid1x-h3jsHqopQ.us22.list-manage.com/t=
Source: (No subject) (90).eml, email.mht.0.dr	String found in binary or memory: https://aka.ms/o0ukef
Source: email.mht.0.dr	String found in binary or memory: https://avbbr-rb3qaue3c.us22.list-manage.com/track/click?u=
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://bard.google.com/
Source: Reporting and NEL.13.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.12.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.12.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.12.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.12.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 94accb8f-c467-4130-9c0f-3d047c4277e2.tmp.13.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.12.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 94accb8f-c467-4130-9c0f-3d047c4277e2.tmp.13.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.13.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json0.12.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log6.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log6.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log5.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr, HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log6.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr, HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log6.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://gaana.com/
Source: (No subject) (90).eml	String found in binary or memory: https://gcc02.safelin=
Source: (No subject) (90).eml	String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=
Source: (No subject) (90).eml	String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dh=
Source: email.mht.0.dr	String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dhttp%3A%2F%=
Source: email.mht.0.dr	String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
Source: (No subject) (90).eml	String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dhttps%=
Source: ~WRS{9AF887E2-4FD2-4F2B-A752-8DE8B6F713E9}.tmp.0.dr, email.mht.0.dr	String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dcqualitytrust.org%2F&data=05%7
Source: email.mht.0.dr	String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fo0ukef&data=05%7C02%7Chgi
Source: ~WRS{9AF887E2-4FD2-4F2B-A752-8DE8B6F713E9}.tmp.0.dr	String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.c
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://m.kugou.com/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://m.soundcloud.com/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://m.vk.com/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://music.amazon.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://music.apple.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://music.yandex.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://open.spotify.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://tidal.com/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://twitter.com/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://vibe.naver.com/today
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://web.telegram.org/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://web.whatsapp.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.deezer.com/
Source: content.js.12.dr, content_new.js.12.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.12.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.instagram.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.last.fm/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.messenger.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.office.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.tiktok.com/
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://www.youtube.com
Source: ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.101.66:443 -> 192.168.2.17:49771 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.winEML@73/248@20/14

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241021T1121260150-3112.etl

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (90).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "88BA60EF-D248-4381-B63E-717F78FE9EC4" "BD78D5FB-0AC4-4CDF-AC8B-FE207EE80AE5" "3112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1984,i,9039987064207983653,684999351343344289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0846ZJPU\email.mht
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1956,i,17295024196049019224,14762295267959612625,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0846ZJPU\email.mht
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6540 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6732 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1200 --field-trial-handle=1992,i,17837752971670303683,2202200612718250401,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5148 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "88BA60EF-D248-4381-B63E-717F78FE9EC4" "BD78D5FB-0AC4-4CDF-AC8B-FE207EE80AE5" "3112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0846ZJPU\email.mht	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1984,i,9039987064207983653,684999351343344289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1956,i,17295024196049019224,14762295267959612625,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6540 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6732 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5148 --field-trial-handle=1980,i,16275543048844463963,4103199009093388035,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1200 --field-trial-handle=1992,i,17837752971670303683,2202200612718250401,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: Email	LLM: Page contains button: 'VIEW COMPLETED DOCUMENT' Source: 'Email'
Source: Email	LLM: Email contains prominent button: 'view completed document'

AI detected potential phishing Email

Source: Email

JoeBoxAI: Detected potential phishing email: The email contains a suspicious link (https://Wid1x-h3jsHqopQ.us22.list-manage.com) that doesn't match the purported sender (DocuSign)

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: Web Data.12.dr	Binary or memory string: ms.portal.azure.comVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696586537u
Source: Web Data.12.dr	Binary or memory string: AMC password management pageVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: turbotax.intuit.comVMware20,11696586537t
Source: Web Data.12.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: discord.comVMware20,11696586537f
Source: Web Data.12.dr	Binary or memory string: dev.azure.comVMware20,11696586537j
Source: Web Data.12.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696586537x
Source: Web Data.12.dr	Binary or memory string: tasks.office.comVMware20,11696586537o
Source: Web Data.12.dr	Binary or memory string: bankofamerica.comVMware20,11696586537x
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: interactivebrokers.comVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696586537h
Source: Web Data.12.dr	Binary or memory string: global block list test formVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696586537\|UE
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696586537]
Source: Web Data.12.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696586537d
Source: Web Data.12.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696586537}
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696586537p
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696586537z
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696586537n
Source: Web Data.12.dr	Binary or memory string: outlook.office.comVMware20,11696586537s
Source: Web Data.12.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696586537}
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696586537
Source: Web Data.12.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537^
Source: Web Data.12.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696586537x
Source: Web Data.12.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696586537~
Source: Web Data.12.dr	Binary or memory string: outlook.office365.comVMware20,11696586537t

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://deff.nelreports.net/api/report?cat=msn	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://chrome.cloudflare-dns.com/dns-query	0%	URL Reputation	safe
https://www.tiktok.com/	0%	URL Reputation	safe
https://chromewebstore.google.com/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	unknown
milesofsmilesfoundation.org	69.49.230.142	true	false	unknown
gcc02.safelinks.eop-tm2.outlook.com	104.47.65.28	true	false	unknown
link.mail.beehiiv.com	104.18.68.40	true	false	unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.184.193	true	false	unknown
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	unknown
bzib.nelreports.net	unknown	unknown	false	unknown
avbbr-rb3qaue3c.us22.list-manage.com	unknown	unknown	false	unknown
gcc02.safelinks.protection.outlook.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0	false		unknown
https://chrome.cloudflare-dns.com/dns-query	false	URL Reputation: safe	unknown
https://link.mail.beehiiv.com/ls/click?upn=u001.viGU38YukUtIGED3xC-2FGZVVRTa8EQFrXUNq6P7v2HlSzf3J6EESK8xb0jfveQsEBZypXCaKcEhx5bb3L3ICkkhztNbCwiq1sFZKeng-2FI69YJzHKrsERxgWrKmR63SxJZ9KCLXcK4xUcWHfbfu5hevuQVFFNApx-2F8NGHiSPFzqe3-2BMAPnzXLXMjxF0o9e-2FvvW4JBD_2Rm0-2FS-2FJF-2BLH33iip41NYhQwe4HGorVV87kkY-2BZe-2BjYuS-2FBX3aFc1572-2FjYDbqEhZBU-2B1BLjshLrRtnmcIF6JcynI8pDqHRo5m1Xj-2FMj9PxI9xRRWwPvd8896vPxgCp61xoUzIBqcz5TAOihGDphxLBXyw5Eg7-2F5IBWE4VUjhfNJFOa6frl8Zto3ZQToQ3KwMu5aboIEADgZLVkPsSF7m0YRoX47natiyv0BOXToIW471V08sbfTDqhkPUqvTX-2FMZRkws5G-2BYiVkuEyx3pYhK-2Bw17GWDAE36jDfot-2F8UFq1HLsEjDW-2F-2BkGQ4yqCgNTsQSxhyWCxjGKn6teGhDZVl4oqgGFt2YXLiULX-2Fiq4-2Fco1MDzpqxXw-2F4tVWZGPBnNL984rImyAdJhDGx0N-2BNgXqdAACaqqwvVHw4x4J65gwn43gHrJshLRM7DzroSVH1srF	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Web Data.12.dr	false	URL Reputation: safe	unknown
https://gcc02.safelin=	(No subject) (90).eml	false		unknown
https://web.whatsapp.com	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://duckduckgo.com/ac/?q=	Web Data.12.dr	false	URL Reputation: safe	unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://m.kugou.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.office.com	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://outlook.live.com/mail/0/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.last.fm/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://powerpoint.new?from=EdgeM365Shoreline	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Web Data.12.dr	false	URL Reputation: safe	unknown
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.13.dr	false	URL Reputation: safe	unknown
https://tidal.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://docs.google.com/	manifest.json0.12.dr	false		unknown
https://www.youtube.com	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.instagram.com	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://web.skype.com/?browsername=edge_canary_shoreline	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://gaana.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://drive-staging.corp.google.com/	manifest.json0.12.dr	false		unknown
http://www.dcqualitytrust.org/	(No subject) (90).eml, email.mht.0.dr	false		unknown
https://drive.google.com/	manifest.json0.12.dr	false		unknown
https://outlook.live.com/mail/compose?isExtension=true	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Web Data.12.dr	false	URL Reputation: safe	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.messenger.com	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://outlook.office.com/mail/compose?isExtension=true	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://i.y.qq.com/n2/m/index.html	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.deezer.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://latest.web.skype.com/?browsername=edge_canary_shoreline	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://word.new?from=EdgeM365Shoreline	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://Wid1x-h3jsHqopQ.us22.list-manage.com/t=	(No subject) (90).eml	false		unknown
https://web.telegram.org/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://outlook.office.com/mail/0/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Web Data.12.dr	false		unknown
https://m.soundcloud.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://gcc02.safelinks.protection.outlook.com/?url=	(No subject) (90).eml	false		unknown
https://mail.google.com/mail/mu/mp/266/#tl/Inbox	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://drive-daily-2.corp.google.com/	manifest.json0.12.dr	false		unknown
https://drive-autopush.corp.google.com/	manifest.json0.12.dr	false		unknown
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.c	~WRS{9AF887E2-4FD2-4F2B-A752-8DE8B6F713E9}.tmp.0.dr	false		unknown
https://music.amazon.com	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://drive-daily-4.corp.google.com/	manifest.json0.12.dr	false		unknown
https://vibe.naver.com/today	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Web Data.12.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://open.spotify.com	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://aka.ms/o0ukef	(No subject) (90).eml, email.mht.0.dr	false		unknown
https://twitter.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://drive-daily-1.corp.google.com/	manifest.json0.12.dr	false		unknown
https://excel.new?from=EdgeM365Shoreline	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://web.skype.com/?browsername=edge_stable_shoreline	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://drive-daily-5.corp.google.com/	manifest.json0.12.dr	false		unknown
https://m.vk.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.13.dr	false		unknown
https://www.google.com/chrome	content.js.12.dr, content_new.js.12.dr	false		unknown
https://www.tiktok.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false	URL Reputation: safe	unknown
https://avbbr-rb3qaue3c.us22.list-manage.com/track/click?u=	email.mht.0.dr	false		unknown
https://drive-daily-6.corp.google.com/	manifest.json0.12.dr	false		unknown
https://drive-daily-0.corp.google.com/	manifest.json0.12.dr	false		unknown
https://www.onenote.com/stickynotes?isEdgeHub=true	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://www.iheart.com/podcast/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://music.yandex.com	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dcqualitytrust.org%2F&data=05%7	~WRS{9AF887E2-4FD2-4F2B-A752-8DE8B6F713E9}.tmp.0.dr, email.mht.0.dr	false		unknown
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fo0ukef&data=05%7C02%7Chgi	email.mht.0.dr	false		unknown
https://chromewebstore.google.com/	manifest.json.12.dr	false	URL Reputation: safe	unknown
https://gcc02.safelinks.protection.outlook.com/?url=3Dh=	(No subject) (90).eml	false		unknown
https://drive-preprod.corp.google.com/	manifest.json0.12.dr	false		unknown
https://gcc02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=	email.mht.0.dr	false		unknown
https://clients2.googleusercontent.com	94accb8f-c467-4130-9c0f-3d047c4277e2.tmp.13.dr	false		unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://gcc02.safelinks.protection.outlook.com/?url=3Dhttps%=	(No subject) (90).eml	false		unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://chrome.google.com/webstore/	manifest.json.12.dr	false		unknown
https://y.music.163.com/m/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://bard.google.com/	ea3ea00c-e183-45cb-a61c-d8592bbce8c3.tmp.12.dr	false		unknown
https://gcc02.safelinks.protection.outlook.com/?url=3Dhttp%3A%2F%=	email.mht.0.dr	false		unknown
https://drive-daily-3.corp.google.com/	manifest.json0.12.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.38	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.68.40	link.mail.beehiiv.com	United States	13335	CLOUDFLARENETUS	false
104.47.65.28	gcc02.safelinks.eop-tm2.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.250.184.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
69.49.230.142	milesofsmilesfoundation.org	United States	46606	UNIFIEDLAYER-AS-1US	false
23.200.0.34	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
2.23.209.179	unknown	European Union	1273	CWVodafoneGroupPLCEU	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538719
Start date and time:	2024-10-21 17:20:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	(No subject) (90).eml
Detection:	MAL
Classification:	mal52.phis.winEML@73/248@20/14
Cookbook Comments:	Found application associated with file extension: .eml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.76.243, 2.19.126.151, 2.19.126.160, 2.19.126.137, 192.229.221.95, 13.89.179.10, 142.250.185.131, 142.250.185.174, 108.177.15.84, 34.104.35.123, 104.102.57.226, 13.107.42.16, 13.107.21.239, 204.79.197.239, 142.250.185.238, 13.107.6.158, 2.19.126.152, 2.19.126.145, 2.19.126.157, 142.250.185.163, 142.250.186.131, 172.217.18.3, 216.58.212.142, 142.250.81.227, 142.251.35.163, 142.250.80.99
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, mobile.events.data.microsoft.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, update.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, a1864.dscd.akamai.net, www.bing.com, ecs.office.com, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, edgedl.me.gvt1.com, s-0005.s-msedge.net, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, edgeassetservice.azureedge.net, ecs.office.trafficmanager.net, clients.l.google.com, mobile.events.data.trafficmanager.net, omex.cdn.office.net, config.edge.skype.com.trafficmanager.net, e13829.x.akamaiedge.net, one
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: (No subject) (90).eml

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4
13.107.246.38	https://conta.cc/3JXNZaS	Get hash	malicious	Unknown	Browse
	https://southwest.app.link/3p?$3p=e_adobe_campaign_classic&$original_url=https%3A%2F%2Fsouthwest.com%3F%24deep_link%3Dtrue%26~campaign%3Dac_sec_promo_20230615_sale_wow%26clk%3DSECTEMPLATELOGO%26%24fallback_url%3Dhttps://firefliesops.web.app	Get hash	malicious	HTMLPhisher	Browse
	http://www.miltonhouse.nl	Get hash	malicious	Unknown	Browse
	https://ilmibilgiler.com/	Get hash	malicious	Unknown	Browse
	https://m.exactag.com/ai.aspx?tc=d9496601bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ablessedbeyondproperties.com%2Fwinner%2F71809%2F%2Fam9lbC5zZWFybGVAemJldGEuY29t	Get hash	malicious	HTMLPhisher	Browse
	https://26apmic12.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse
	https://document.mamabiller59.workers.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://15apmic10.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse
	https://login.service-mediobanca.com/?rid=5spGrj3	Get hash	malicious	Unknown	Browse
	https://outlook.cyberlab-x.com/mail	Get hash	malicious	Unknown	Browse
104.18.68.40	http://www.thetech.buzz	Get hash	malicious	Unknown	Browse	www.thetech.buzz/
104.47.65.28	(No subject) (89).eml	Get hash	malicious	HTMLPhisher	Browse
	(No subject) (72).eml	Get hash	malicious	Unknown	Browse
	(No subject) (60).eml	Get hash	malicious	HTMLPhisher	Browse
	(No subject) (53).eml	Get hash	malicious	Unknown	Browse
	(No subject) (50).eml	Get hash	malicious	Unknown	Browse
	https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0%3d&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0%3D&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5	Get hash	malicious	HTMLPhisher	Browse
	https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0=&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0=&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5	Get hash	malicious	HTMLPhisher	Browse
	(No subject) (43).eml	Get hash	malicious	Unknown	Browse
	(No subject) (39).eml	Get hash	malicious	Unknown	Browse
	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
link.mail.beehiiv.com	https://link.mail.beehiiv.com/ls/click?upn=u001.VAKYHrYJybi0PWmoiUcOS-2F8NO0IgAqLrqDVUUj69KL7dJpM9FENV1TrCP6ADkGMvfNI5cbLfIiHNRr9-2BZIcUlDbLsEZZ-2BysualPZlYGUWqM6MRA6n1GMVqzKmcU82YYtsOHkIKs989bzreo72DoH3rM6lVEYRL4ZTP9Zj9l1Gl4nr1-2F9La9yhGi-2BcBSL9VQeiyDG_kaZbegZM04h14TrhJ-2FVOzqhv2Vmod0DMeh3Yk9TPE2TN0J9eS6m9v-2BigFT7IzuUCwMUkL-2B9uEyO6WYsWK9g6HB19p54mcF03ODbdCcpBXLd3niyKV6D6S73DYaH4JVMCyKVmvo2fCAIRID1pwLswIMlgsdX5y0OwvyjtGNEUiHSueazpg4Ec2ew-2BLP6iFFFblzQEAzXdbkMSfrUTmtYgnBdhEeHIoMe-2FuteSxt1vaUoPKrpXxIOOhnUF1UbjjvtUsvb2Emw6BLnCB6Sk86ywfKvaYHJkU5wHhHbLj7tXMjndv8IiqOgWuXA2CSyUYipBNKAMD-2FXVnCwDE2X5P-2BWn20KNxXaVwCtIp4x5lNE3JmhIJktcOlmm7E2f8vvDt-2B4uHP-2BOzyadBn6WenB9AGQLEXuz7AzzpqU95nIiVoZkildUYdVHCB0RL1VjNFtlp8uK#test@test.com	Get hash	malicious	HTMLPhisher	Browse	104.18.69.40
	https://www.google.fr/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s%2Flink.mail.beehiiv.com/ss/c/u001.mtSAz3_WgZe6oQdiJX3I5Wky17Shk-m8xsMoltULMS0z6wG-1zBDHwJKvW2cHgWJTMQtr_VqZTDREew7RsDJjLX3Nu-hOB30y_dTACc_DC20WhJeWfQI9ldVnZg5I3l2FTVB0RS05hmGx0cQsdDkHpPzJaYyjKcdoY7HYeMLqArftV0YSw5Wm9JJrOI2mXih3-C4cj98VpbIH9I96jbo0VVbIhhGr8mn95Nnhq8dJiEDFZ2amN-vFP0KvhVNzd6bzdT0TFK8bA49IWUCbU9MGpR1lTLTQ8wGn4FQOGHcxbAFQg5aCXIk9dUPzquvqJ8d/4a7/BVRt3igITgKfI8bq35Ml_w/h94/h001.jQSqGb0rCzLfgHVmmxaOCxarjpgyicdCc0Ov4XzL60w	Get hash	malicious	Unknown	Browse	104.18.68.40
	https://www.google.se/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s/link.mail.beehiiv.com/ss/c/u001.mtSAz3_WgZe6oQdiJX3I5Wky17Shk-m8xsMoltULMS3mzuBnL-QM9pVTUTxyWc1WyOovmb3Tk3NbIL2d2EAiLnALFxIwpw4Ea5BJnfNlGtrBBU_09OdOyxWIoH5OGk5krozZGyDG04GwV1A1i62V7ZHAsHD2HuXxLRbuTLwJ7nne5OoBikrWbP09wdmrU0Ux1PwQTxWW-4WqOLqDM-eOzn5OS5dc9AC-zsZGTpLU68lyIxLrcGUjprs01qDo_AF9kArbtDnZS59rgsqwPhVy55PUqH74R1QD9RQNSwa0QLjmNb6xFyDx4TkQQ9pmK-Sq/4a7/BVRt3igITgKfI8bq35Ml_w/h53/h001.yn5JRYzfVDjfbL0RFC-jVPp1XHK_GYk_K4Zr7dwWM3M	Get hash	malicious	Unknown	Browse	104.18.68.40
	https://svsjie.us9.list-manage.com/track/click?u=65baddd8dc4a29452f1a28eb2&id=dde4f4d149&e=6d04ecfe32	Get hash	malicious	Unknown	Browse	104.18.69.40
	https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a	Get hash	malicious	Unknown	Browse	104.18.69.40
	https://wuwqyf.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=aeea78af7c&e=6353042e9a	Get hash	malicious	Unknown	Browse	104.18.69.40
	johnny.guanCopy.pdf	Get hash	malicious	Unknown	Browse	104.18.69.40
	Bonus_Payments_Health_Insurance_Vacation_Policy_Update_20243568Acer Liquid Z63568.pdf	Get hash	malicious	Unknown	Browse	104.18.69.40
	https://www-documentsfiles-filled.s3.us-west-1.amazonaws.com/refrrence890345/settlements/QUFNa0FEQmxZMlE1TnpnMExUQTROV1l0TkRVM1lTMWlPR0V6TFdNeFlXWmtPVFEyWWpWaFlRQkdBQUFBQUFBbEl1MDJGRFVUUTZZV2hVeEtkUFIwQndEd2c3Q1hKNkVLUXJxSEZKR/indexx.html	Get hash	malicious	Unknown	Browse	104.18.68.40
	https://link.mail.beehiiv.com/ss/c/u001.mtSAz3_WgZe6oQdiJX3I5Wky17Shk-m8xsMoltULMS2iibHCzSckW-Xqza-i40XM8AwrHFWHLO2bWKZxbUkM8EkXkDjT-qRfFpG6fRFJmyXp07a4A-3P4AvFDO2Y60Rux_1eV0epkpw3DKeXnvYG9fSvquYlkpTv8DCKzMwG4Flr6p-OuCMF9VdR1kPuiUcgeYFF7mlbZ6U8VGQGB4mGDTQOCt0ezbbR51t_tCixeZD8Q1Xb7g5RcGHc-PTQsF7_4w7VIDEoTRupwFot4ueZ1CrJ3LeX0TxbJwrO2bLlojSU6Mk4onhkeUX1VG6pQrcF/49t/NQgK9ZH_SP-rBKm4OrDVUA/h14/h001.9L7wjjCFt7eeCww5gJJ0B-M00y3mXNtLmvW5FF9tjfw	Get hash	malicious	Unknown	Browse	104.18.68.40
chrome.cloudflare-dns.com	http://google.com	Get hash	malicious	Unknown	Browse	162.159.61.3
	SecuriteInfo.com.Trojan-PSW.Win32.Stealer.cjar.14389.14563.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	SecuriteInfo.com.Trojan-PSW.Win32.Stealer.cjar.14389.14563.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://r20.rs6.net/tn.jsp?t=ujqgb8abb.0.0.zumspjcab.0&id=preview&r=3&p=http%3A%2F%2Ffiles.constantcontact.com%2F99239f29001%2F765a22db-b453-4315-a344-dc2294500069.pdf	Get hash	malicious	Unknown	Browse	162.159.61.3
	SecuriteInfo.com.PossibleThreat.DU.6301.11346.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	https://login.fmcstenton.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638646907113918520.MmYzZWJhM2UtYzBjZC00MDQ0LTgzMzYtMTI3YTQzYzIzZTYyMzg3ZGYyOTgtM2FkZC00MjVhLWIwMjAtNmEzNjgxYWI5NTVk&ui_locales=en-US&mkt=en-US&client-request-id=3f92c55a-715f-457c-9a11-b97b4a791b74&state=wy8NFmtyNiv-kocq9K-nytUpFTjdTy7L2A04gwZKC2jcmp3FRDGKyVCLMZrqOSvNUZltOYcRlb3dMUEwvy2E3Xhb_075Vj9b5mYnLd28nGXqmBzInY6Eko9mpIYYRtZX8SsLRO79X8gPWMUXQhRee4SAGfuO0b9KW6yeQrI_6_ZekC6aT22BvIqct1AkaGtFG6ouO5stOZwToHF69bVhmggMrzGnntiwRmwi4kAPQM2sj3c4okPhmBPa-KJfmy8uDYBd4CN4cwN0Wak1kRt4_Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	Get hash	malicious	Unknown	Browse	172.64.41.3
	https:/next.frame.io/share/becebaad-5ab0-4164-809f-67b99bf2c145?component_clicked=transactional_call_to_action&email_id=5b3bedff-af9c-457a-a905-03d2d687a8cf&email_type=transactional&notification_type=share_reviewer_added	Get hash	malicious	HTMLPhisher	Browse	162.159.61.3
	https://landing-cs.mailcomms.io/73C4D162CAD9C4016A99EC5AF537DA57B4F5451828F0865A7DC8EA34ED2492F0	Get hash	malicious	Unknown	Browse	162.159.61.3
	SecuriteInfo.com.FileRepPup.24407.3577.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	SecuriteInfo.com.FileRepPup.24407.3577.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
gcc02.safelinks.eop-tm2.outlook.com	(No subject) (89).eml	Get hash	malicious	HTMLPhisher	Browse	104.47.65.28
	(No subject) (87).eml	Get hash	malicious	HTMLPhisher	Browse	104.47.64.28
	https://memakers-my.sharepoint.com/:f:/p/saeed/EuiMdoZoPpVNthIaEwKAedkBDFKyUdriWNhHe2RDzQxMdQ?e=5hQMeB&xsdata=MDV8MDJ8cGhlcm1hbkBidXJiYW5rY2EuZ292fDU4NDFjYjVhMjQzNDQ2YjU2ODZmMDhkY2Q3ZjZlNzZlfDY0OGRhZTMxMTgyYjRkYTI5OWVmMjU4MWFiOGU4YmVhfDB8MHw2Mzg2MjI3MDI2NDY5MTMzMDB8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDQwMDAwfHx8&sdata=STFxSjJFWXZ2WnFoSWJsSml1L3V4emhPdHNVTmE5OWJmbjZsSDRKcjlyND0%3d	Get hash	malicious	HTMLPhisher	Browse	104.47.64.28
	(No subject) (82).eml	Get hash	malicious	Unknown	Browse	104.47.64.28
	[VM]_ New message in mailbox 2145 from _WATERBOARDS_ ..eml	Get hash	malicious	Unknown	Browse	104.47.64.28
	https://memakers-my.sharepoint.com/:f:/p/saeed/EuiMdoZoPpVNthIaEwKAedkBDFKyUdriWNhHe2RDzQxMdQ?e=5hQMeB&xsdata=MDV8MDJ8Y3RyYWJlckBidXJiYW5rY2EuZ292fDU4NDFjYjVhMjQzNDQ2YjU2ODZmMDhkY2Q3ZjZlNzZlfDY0OGRhZTMxMTgyYjRkYTI5OWVmMjU4MWFiOGU4YmVhfDB8MHw2Mzg2MjI3MDI2NTAzODc0MDJ8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDQwMDAwfHx8&sdata=NENKTUZZU2szc0xpaVZyRHEzeVdOaE9HYnhiQ0dDZTdmRWF3QkpLU0tkaz0=	Get hash	malicious	HTMLPhisher	Browse	104.47.64.28
	S #74325 - You have been mentioned @nsioxson.eml	Get hash	malicious	Unknown	Browse	104.47.64.28
	(No subject) (72).eml	Get hash	malicious	Unknown	Browse	104.47.65.28
	(No subject) (67).eml	Get hash	malicious	HTMLPhisher	Browse	104.47.64.28
	(No subject) (63).eml	Get hash	malicious	HTMLPhisher	Browse	104.47.64.28

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	(No subject) (89).eml	Get hash	malicious	HTMLPhisher	Browse	104.47.65.28
	Document.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.60
	INV00663.docx	Get hash	malicious	HTMLPhisher	Browse	52.109.76.240
	Thermo Fisher RFQ_TFS-1702.xls	Get hash	malicious	Unknown	Browse	13.107.246.45
	PO-1021202416777 PNG2023-W111.xls	Get hash	malicious	Unknown	Browse	13.107.246.67
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2F28KOjymVGMvsdxoOV3okyunn/S0pvbmVzQGtvbmlhZy1ncy5jb20=	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.60
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2FCGJiV2TYiHhEjaWZAqcgtold/S0pvbmVzQGtvbmlhZy1ncy5jb20=	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.253.64
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2FQVUPgqjgXFIkJFnzej6vlwSU/RENhcm5vdnNreUBrb25pYWctZ3MuY29t	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.253.45
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2Fn8shpNHR5esID4MN5V6n2I56/RENhcm5vdnNreUBrb25pYWctZ3MuY29t	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.67
	https://anviict.com/?qvtvxymb	Get hash	malicious	HTMLPhisher	Browse	40.99.149.146
MICROSOFT-CORP-MSN-AS-BLOCKUS	(No subject) (89).eml	Get hash	malicious	HTMLPhisher	Browse	104.47.65.28
	Document.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.60
	INV00663.docx	Get hash	malicious	HTMLPhisher	Browse	52.109.76.240
	Thermo Fisher RFQ_TFS-1702.xls	Get hash	malicious	Unknown	Browse	13.107.246.45
	PO-1021202416777 PNG2023-W111.xls	Get hash	malicious	Unknown	Browse	13.107.246.67
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2F28KOjymVGMvsdxoOV3okyunn/S0pvbmVzQGtvbmlhZy1ncy5jb20=	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.60
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2FCGJiV2TYiHhEjaWZAqcgtold/S0pvbmVzQGtvbmlhZy1ncy5jb20=	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.253.64
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2FQVUPgqjgXFIkJFnzej6vlwSU/RENhcm5vdnNreUBrb25pYWctZ3MuY29t	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.253.45
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2Fn8shpNHR5esID4MN5V6n2I56/RENhcm5vdnNreUBrb25pYWctZ3MuY29t	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.67
	https://anviict.com/?qvtvxymb	Get hash	malicious	HTMLPhisher	Browse	40.99.149.146
CLOUDFLARENETUS	TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	DHL.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	172.67.74.152
	DHL_Shipping_Invoices_Awb_BL_000000000102120242247820020031808174Global180030010212024.vbs	Get hash	malicious	GuLoader	Browse	188.114.97.3
	Salary Revision_pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	188.114.97.3
	Proforma_Inv07.xls	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://lambdachi.univer.se/	Get hash	malicious	Unknown	Browse	104.17.25.14
	INV00663.docx	Get hash	malicious	HTMLPhisher	Browse	104.26.12.222
	https://mlbmajorlossbuilders.hbportal.co/flow/66fdd3a6c031cc001f728831/view?hash=54079a777636a614d8d961b5b9a96a5f	Get hash	malicious	Unknown	Browse	104.17.25.14
	index.html	Get hash	malicious	Unknown	Browse	104.18.24.163
	8VYDvQtXBH.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.96.3
MICROSOFT-CORP-MSN-AS-BLOCKUS	(No subject) (89).eml	Get hash	malicious	HTMLPhisher	Browse	104.47.65.28
	Document.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.60
	INV00663.docx	Get hash	malicious	HTMLPhisher	Browse	52.109.76.240
	Thermo Fisher RFQ_TFS-1702.xls	Get hash	malicious	Unknown	Browse	13.107.246.45
	PO-1021202416777 PNG2023-W111.xls	Get hash	malicious	Unknown	Browse	13.107.246.67
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2F28KOjymVGMvsdxoOV3okyunn/S0pvbmVzQGtvbmlhZy1ncy5jb20=	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.60
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2FCGJiV2TYiHhEjaWZAqcgtold/S0pvbmVzQGtvbmlhZy1ncy5jb20=	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.253.64
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2FQVUPgqjgXFIkJFnzej6vlwSU/RENhcm5vdnNreUBrb25pYWctZ3MuY29t	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.253.45
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2Fn8shpNHR5esID4MN5V6n2I56/RENhcm5vdnNreUBrb25pYWctZ3MuY29t	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.67
	https://anviict.com/?qvtvxymb	Get hash	malicious	HTMLPhisher	Browse	40.99.149.146

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	(No subject) (89).eml	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	https://lambdachi.univer.se/	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	https://mlbmajorlossbuilders.hbportal.co/flow/66fdd3a6c031cc001f728831/view?hash=54079a777636a614d8d961b5b9a96a5f	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	index.html	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	Thermo Fisher RFQ_TFS-1702.xls	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	http://www.wagtg.com	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	http://tfmk.sweepshop.info/fwd/P2Q9OTU0NCZlaT00NDM2NzYzMSZpZj0zMTYwJmxpPTczNw	Get hash	malicious	Phisher	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2F28KOjymVGMvsdxoOV3okyunn/S0pvbmVzQGtvbmlhZy1ncy5jb20=	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2FCGJiV2TYiHhEjaWZAqcgtold/S0pvbmVzQGtvbmlhZy1ncy5jb20=	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
	https://www.google.co.nz/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Falinegrazielle.com%2FKaW12DtgTK%2FQVUPgqjgXFIkJFnzej6vlwSU/RENhcm5vdnNreUBrb25pYWctZ3MuY29t	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	4.175.87.197 20.190.160.20 184.28.90.27 20.12.23.50
6271f898ce5be7dd52b0fc260d0662b3	(No subject) (89).eml	Get hash	malicious	HTMLPhisher	Browse	2.16.101.66
	Thermo Fisher RFQ_TFS-1702.xls	Get hash	malicious	Unknown	Browse	2.16.101.66
	PO-1021202416777 PNG2023-W111.xls	Get hash	malicious	Unknown	Browse	2.16.101.66
	Carboline Quote Request.eml	Get hash	malicious	HTMLPhisher	Browse	2.16.101.66
	Re_ Matthew Magro shared _Bonitz .pdf_ with you.eml	Get hash	malicious	HTMLPhisher	Browse	2.16.101.66
	SUNLIGHT ORDER.xls	Get hash	malicious	Unknown	Browse	2.16.101.66
	PO-1018202416777 PNG2023-W101.xls	Get hash	malicious	Unknown	Browse	2.16.101.66
	https://foundersedition.lk/invoice_receipt.html	Get hash	malicious	WinSearchAbuse	Browse	2.16.101.66
	v2.0.pdf	Get hash	malicious	Unknown	Browse	2.16.101.66
	Purchase order.xls	Get hash	malicious	Unknown	Browse	2.16.101.66
3b5074b1b5d032e5620f69f9f700ff0e	TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	13.107.5.88
	DHL.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	13.107.5.88
	DHL_Shipping_Invoices_Awb_BL_000000000102120242247820020031808174Global180030010212024.vbs	Get hash	malicious	GuLoader	Browse	13.107.5.88
	Order_MG2027176.vbs	Get hash	malicious	Remcos, GuLoader	Browse	13.107.5.88
	Salary Revision_pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	13.107.5.88
	Scanned_22C-6e24090516030.pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	13.107.5.88
	#U65b0#U7522#U54c1#U8a02#U55ae.vbs	Get hash	malicious	FormBook	Browse	13.107.5.88
	Order.vbs	Get hash	malicious	Remcos	Browse	13.107.5.88
	index.html	Get hash	malicious	Unknown	Browse	13.107.5.88
	Ricevuta_di_pagamento.vbs	Get hash	malicious	GuLoader	Browse	13.107.5.88

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	64254
Entropy (8bit):	6.103887984164913
Encrypted:	false
SSDEEP:	1536:y/Ps+wsI7ynj5TITaU90TpzZrEP+paEYRvvfog:y/0+zI7ynhgaWwphMfl
MD5:	5B699B1D23D7448791A2A2342E7D51B9
SHA1:	380EC7C879392A819338F04C23E19C79519BFD68
SHA-256:	6BA2137F7DFF8C425BFCE81E455E6EBADB0CE77575DE19BD3AFDB490C8AFB5DB
SHA-512:	ACF6590D40261F6E76A208B4D0BB1272B3B0A273054D36CE340F2E48E60EACDFE574D76DBBD65BB24EDF6C106A625443F99EB0B49884D4827A5650B5ABDD6F33
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"9E0A5915E51EE1E95D843B1CDAB336B8361C98398784A73FC6A8A28F910D2E75\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.398195628455024
Encrypted:	false
SSDEEP:	3072:Twg42pg3miGu2m2qoQJ9rt0FvwltZJ/xD:TV0mi2mDz7tZJ/V
MD5:	8B47B3087A6EF368B5DF1B93CEC48D56
SHA1:	73438262517B116BF6BA2F32B788EE00EA5ECE8F
SHA-256:	B0EF2147D5B1AA4E0BA4ECCD3F8117A7DDEBAE66D13671038430FD3BDE7F06D0
SHA-512:	34C326BE0B7EBC6548222055A4706CF10C29F48D95E0C5059E465E5439744860F01E90A2A1562A71A43F87FB3C1F88767B62ED8D61C03DB9D74CA374C6222230
Malicious:	false
Preview:	TH02...... .P.v..#......SM01X...,...p.h..#..........IPM.Activity...........h...............h............H..h...........`...h...........H..h\tor ...AppD...h.5#.0........h......4........h........_`.k...hJ...@...I.+w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h.Z.2..........#h....8.........$h.......8....."h........0.....'h..............1h....<.........0h....4.....k../h....h......kH..h..4.p.........-h .......4.....+h.................... ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 14:21:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.996526386734119
Encrypted:	false
SSDEEP:	48:8o6dWTT7YbHTidAKZdA1JehwiZUklqehAy+3:8obU9/y
MD5:	A14B50BE279480DE3273C2ED50973328
SHA1:	6DAAD58A7833D7E181F5278FA2A49848FA919CA0
SHA-256:	82F2685F101D67D2AA3C888E23ABF909C00F1A5B7AE07A08563710DC4EDA42B6
SHA-512:	AAE8DA512D2ABE8B2F2C66CE00DAD3F13695832062A7FB8BFC2C048A14387014B5EF4BE539F135AFF23EFD1278AB0EF4554ABEF8AC9DF6396B7589CDCFB03C08
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....3O..#......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IUY.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUY.z....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VUY.z....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VUY.z...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VUY.z...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............2=D.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
Entropy (8bit):	5.919798554641433
TrID:	E-Mail message (Var. 5) (54515/1) 100.00%
File name:	(No subject) (90).eml
File size:	34'703 bytes
MD5:	71afd3242fc290bf6847beb17263c551
SHA1:	a1f14c40abdce2e4e9b2b27b50c588b05a115ddc
SHA256:	e02650bed86b36ded4713048741d2d52d9ca5aed3096dd30d1ed76116393212f
SHA512:	46b2b2fb5c643521140257dda23b3baf298d362f66646fdd11141c7518052aaaf4292cf01be96ab76c987ccdb8c345c3f9abd1a70f403b78b256d04b2c415cfc
SSDEEP:	768:yB5Pu3ZFNj3eXlcYEIzlZ9o3z83p3wpm1whHG:yBtu3ZFReXlPV7G83Bgrm
TLSH:	27F22A1EEB6D015362F261CDB5177F0DA3820ECDE2B3A2E074654AF40DCE8A2570638E
File Content Preview:	Received: from PH8PR09MB9280.namprd09.prod.outlook.com (2603:10b6:510:18c::11).. by DM8PR09MB6133.namprd09.prod.outlook.com with HTTPS; Fri, 18 Oct 2024.. 09:13:48 +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=p8P9+

Subject:	Document Received Friday, October 18, 20242:13:35 AM
From:	Arel Wiesner <helpdesk1@dcqualitytrust.org>
To:	hgillette@santaclaraca.gov
Cc:
BCC:
Date:	Fri, 18 Oct 2024 02:13:36 -0700
Communications:	DocuSign Pending Contract Agreement Document is ready forhgillette@santaclaraca.gov VIEW COMPLETED DOCUMENT https://Wid1x-h3jsHqopQ.us22.list-manage.com/track/click?u=3cdf2d74abf222c6b4ae493d3&id=7094920e5c&e=c056d10030#hgillette@santaclaraca.gov# Confidential information intended only for the use of the individual or entity named above. If you have received this as error, please notify the sender immediately and delete from your email. Any unauthorized disclosure, copying, distribution, or use of the information contained in this fax is strictly prohibited. The information in this email is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee and/or not an intended addressee to this email, please do not copy, distribute or otherwise act on the email. If you have received the email in error, please contact the sender immediately and delete the email and any attachment in this email from your system. If you are not the intended recipient you must not copy this message or attachment or disclose the contents to any other person. The unauthorised use of this email may result in liability for breach of confidentiality, privilege or copyright. E-mail transmissions cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission Yes Done Get Outlook for iOS https://aka.ms/o0ukef From: Jenise Ross Sent: Wednesday, October 16, 2024 2:57:00 PM To: Sid Ahvazi Subject: RE: Halima Thank you. Please warp over the equipment receipt form. Jenise Ross Deputy Director of Operations Direct:202-448-1444 Fax:202-448-1451 Email: jross@dcqualitytrust.org mailto:jross@dcqualitytrust.org 4301 Connecticut Avenue, NW Suite 310 Washington, DC 20008 www.dcqualitytrust.org http://www.dcqualitytrust.org/ Follow us onfacebook http://www.facebook.com/pages/Washington-DC/Quality-Trust-for-Individuals-with-Disabilities/127197883741 # 9339 in the United Way Campaign and DC One Fund # 33317 in the Combined Federal Campaign From: Sid Ahvazi Sent: Wednesday, October 16, 2024 2:56 PM To: Jenise Ross Subject: Halima Halima new laptop is ready I finished it yesterday she picked it up today Thank you Get Outlook for iOS https://aka.ms/o0ukef
Attachments:

Key	Value
Received	from VM-84909 (146.70.247.19) by CO1PEPF000044F5.mail.protection.outlook.com (10.167.241.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8069.17 via Frontend Transport; Fri, 18 Oct 2024 09:13:35 +0000
ARC-Seal	i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UoU0qeVwVDNtZ/vSYLVWpygvU5ai9a89VM6GQ/9qKkso3itSZ7HQDOOdRDpSW5UTtw/WN2quSMBy0XBooDXf8JEF/KQXmVyn6LzXvaIFCPxA7HmLNhOhIpCR8SYow/IsEwkId0RiqL6OehxnZpkLXJthn3iOYYwmSSQTuRfYSh0OIkpkeQG/JLjmBWoU1iF7dNgVuYHsl4mlj62uZVpQxOEq0QCyQ4xH6xzb71nn/Wuni6lN7kKcpF6QToGJYluKyCIV8yAJgsv5946or/bNhYVEM2gbpixvFYn5CyoHzX96kc3aaPj9/tWYz9lXqvIMwVirZ/5Ef1fOtqFRer1rpA==
ARC-Message-Signature	i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RtHDptJN2QvlytVoZQK3oxVJOr3YNFiElx6KWlWc4Qc=; b=Rx41aA9NDnkenZ9jKjayghfO/hVFkWGFjSBBbkIrtrycTLQc9dChidQbeBIY1f1bg8BjcSmdjLdxeeWCZSpM4rxf39j9q1Bi8T5/N2Jbvc8qZHT63HSbPpaZnRcdgh61mhsErSLBqlq2vnxekVg9Kw9HnK/fd5FtNzzDxbuQZXxLIFU+CEZKqeE5lAa5dYsBdfmJB747fzd370wsIz7pYf9yVKs7BxCjL6sXClTwnZjVNtFDBXQQ1LPgEmvJRerAz4ETJvRPI+ByMAW6aXtAqbJBubrj5n3D6LcsOCsT+C8hYkjIFuVMFlEhUq38fRp/Y38lbO8r+HQNra39bEOUSw==
ARC-Authentication-Results	i=1; mx.microsoft.com 1; spf=fail (sender ip is 146.70.247.19) smtp.rcpttodomain=santaclaraca.gov smtp.mailfrom=dcqualitytrust.org; dmarc=fail (p=none sp=none pct=100) action=none header.from=dcqualitytrust.org; dkim=none (message not signed); arc=none (0)
Authentication-Results	spf=pass (sender IP is 40.107.223.115) smtp.mailfrom=dcqualitytrust.org; dkim=pass (signature was verified) header.d=dcqualitytrust.org;dmarc=pass action=none header.from=dcqualitytrust.org;compauth=pass reason=100
Received-SPF	Fail (protection.outlook.com: domain of dcqualitytrust.org does not designate 146.70.247.19 as permitted sender) receiver=protection.outlook.com; client-ip=146.70.247.19; helo=VM-84909;
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=dcqualitytrust.org; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RtHDptJN2QvlytVoZQK3oxVJOr3YNFiElx6KWlWc4Qc=; b=lUGitokM0xKshVz9Et/V3zTXHLrGq9IxXqyXdIFn5JS1TgKNpnauUs7xIhEm//Wzlb3Gue4ZGVM/HrmYGtl0tl3Vm9T/H7xAKfV9jsSNhBmgSk1zatZNnwkkkD9ehOVL/Cs5EQVRm/RaBng0B6M6fspnTbjnfD8a2NPWf8udx+M=
X-MS-Exchange-Authentication-Results	spf=fail (sender IP is 146.70.247.19) smtp.mailfrom=dcqualitytrust.org; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from=dcqualitytrust.org;
From	Arel Wiesner <helpdesk1@dcqualitytrust.org>
Subject	Document Received Friday, October 18, 20242:13:35 AM
To	hgillette@santaclaraca.gov
Content-Type	multipart/alternative; boundary="gCsa=_fs1TVT4PJUnr3dLXPPtIs9CXM1JB"
Date	Fri, 18 Oct 2024 02:13:36 -0700
Message-Id	<20241810021335240D4C9659-135CC7F3D7@dcqualitytrust.org>
Return-Path	helpdesk1@dcqualitytrust.org
X-EOPAttributedMessage	1
X-MS-TrafficTypeDiagnostic	CO1PEPF000044F5:EE_\|SA1PR13MB4863:EE_\|DS1PEPF00017E08:EE_\|PH8PR09MB9280:EE_\|DM8PR09MB6133:EE_
X-MS-Office365-Filtering-Correlation-Id	7ee52c5c-09bf-4881-55e0-08dcef55275f
X-MS-Exchange-SenderADCheck	1
X-MS-Exchange-AntiSpam-Relay	0
X-Microsoft-Antispam-Untrusted	BCL:0;ARA:13230040\|240411011799012\|34070700014\|36860700013\|61400799027\|376014\|82310400026\|8096899003\|18082699012\|35012699015;
X-Microsoft-Antispam-Message-Info-Original	rvEkSbh5UtxFpRt7qJA0kY1YANsWUhEm+5G5ZidSpXUeeMJes7vnsF6/J488T5ndydcgOheyySZolcjA/oJZlNHXrZ0SHd66WUbAb2koRY+NSNl2ZHRxyLK2Zc+O/yc7S3FDqHvNcMoNeL3EIx78LgR9osu4MRSD9RNAK6xzmZqhp5gl1scxqfN5LDiU3Pf1Z7jE6z1qZIsL9GZD1MxJWrp3JqQ5vxkGVygyV/VdbvIK2IeN7q+fOGG27pkPe/WOvZAWJUC64ggtV8JbEzTiGxx35XgeWGawcE6xBgmxs8UreaJy53LEWECefZL+c9p7t87B/5x7HFmaOHn91FxvySynKeTosj9/VVCUY4ctd4iEJXBTRDV4uP1NPF8cVc7C1S0tJFeT7BPWFkL9u2Xrb/hVwxOB/AyKkzKHbH/fI68C/1ouuNQ1t0LcN5KaByY06zsuZ4Xr9oU5uD86EbfsYGVobmmR7taI6dzxbsFHkARe+yKdrhhGloUUDSvfOyUC2oYIPI3/sDZdn/JYsrWSOyalhyDSYNMZwRPXv1FuC/TXuvIJcUzYxoXG7a5doxTaedyuovptchn1DzG5i2HqNDEfZi2akhLW5g55unDqONVAyGDsH7MRtWd4lb4Ub5/RGsU/Z//Au/xmq5RTB5bfbXIWt7dByC38Qv3IDzk3DG0oLvAnMzLQ5RguEGFDzj05mhF6JoQTO8OVZs9vlSPbpeC0voloSgz8mILX8ltOv4HWVc997JdW1ZkDk0VujDzKJxbXQybqMmFACTwzd3bX6ibw9wWkjk5Zq7A7+LrPp12PTO8gkBJNRK9UYqVqhhAw2l+qc+ysgSxlAnNqnN2pT4SBpsXAoolM9N+go2KibF2laHE5LL9QYzdnXSqxnZoKsl063wJ4rhJteaA7Ng3cRh5eP6+cpIq6B1PEBej4Xa2KSfc37Uor9UABIdC1b6Z/Peq4KPeJP2/30QuyB9xdQhYrd3YO5gGSsOiD5yeSloqfqtTwe/GcLdTEK3uwYe9lj5zbk4bJFAjg0uqJpavr37JjMmYIH8v8C17+Ms1V+Udu81sNQfRH02o2j1uZTIbo9ZGCN2tYz+22kEUd96IQHIbOawaPQETr1DVE8A1o4VnWFmgYtrLh7nssdYto1SSGyuDh7ODUXyInbFCVH/JHtTn6KQ4yrFABIp3ydmaq8JD9kkeYyH7QQ9hD9aazPxT5bI7NWkm74qXnWN7s+jEhpoTDPC/BUltwNNjLfugzhUfZrPnuaZ/L3axSqUTnySi/55SbVx0IeEiqWDVg/GU+5HC7N9qUiGLFGWAYbqhrL81pUQxIyTn1L7USDfozs0+DqVepyWrrTAcSSEmp5bmBsToZbCSer+Y6OOZwbRAaiSx1fCw3pPln9fl7UKslISC9MTGRB2m623QGrs2wUg33c92+KAyciVqtuO1N36hq6ko=
X-Forefront-Antispam-Report-Untrusted	CIP:146.70.247.19;CTRY:AE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VM-84909;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(240411011799012)(34070700014)(36860700013)(61400799027)(376014)(82310400026)(8096899003)(18082699012)(35012699015);DIR:OUT;SFP:1102;
X-MS-Exchange-Transport-CrossTenantHeadersStamped	PH8PR09MB9280
X-MS-Exchange-Organization-ExpirationStartTime	18 Oct 2024 09:13:39.1585 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	7ee52c5c-09bf-4881-55e0-08dcef55275f
X-EOPTenantAttributedMessage	28ea3548-1069-4e81-aa0b-6e4b3271a5cb:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped	DS1PEPF00017E08.namprd09.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted	DS1PEPF00017E08.namprd09.prod.outlook.com
X-MS-PublicTrafficType	Email
X-MS-Exchange-Organization-AuthSource	DS1PEPF00017E08.namprd09.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs	eaf4405a-aae1-4274-3f4c-08dcef5525c3
X-MS-Exchange-AtpMessageProperties	SA\|SL
X-MS-Exchange-Organization-SCL	1
X-Microsoft-Antispam	BCL:0;ARA:13230040\|35042699022\|12062699021\|35012699015\|18082699012\|8096899003;
X-Forefront-Antispam-Report	CIP:40.107.223.115;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM11-DM6-obe.outbound.protection.outlook.com;PTR:mail-dm6nam11on2115.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(35042699022)(12062699021)(35012699015)(18082699012)(8096899003);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	18 Oct 2024 09:13:39.0648 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id	7ee52c5c-09bf-4881-55e0-08dcef55275f
X-MS-Exchange-CrossTenant-Id	28ea3548-1069-4e81-aa0b-6e4b3271a5cb
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp	TenantId=fcb19f72-1f63-4c85-b20b-0c11dccda1f0;Ip=[146.70.247.19];Helo=[VM-84909]
X-MS-Exchange-CrossTenant-AuthSource	DS1PEPF00017E08.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-EndToEndLatency	00:00:09.2474376
X-MS-Exchange-Processed-By-BccFoldering	15.20.8069.009
Importance	high
X-Priority	1
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
X-Microsoft-Antispam-Message-Info	9LWEeKRyMr7BORZl3IQjyd8z+gphiwE83pFvbostaiGd883Z3Cgblxmq2p91+oazstGh6BN7Zav0JHd6Kh/+cRt6iPIeE+VO5QToBeJsuLgjDwF4rZXmG9SaXaYPFgfnhmRjkO2F98QNYrhcYaSARcs9VOjU12xWP4S5Hx7L2yry+UgsdKwfyqXokNJnf30ewEpiqEZziTQ8sOdPhBFjWZf3hlHpA6boia93xItU/rHjfUrNn17zSPvHw7gDxuK6xqyARmnKl9yGSEgDhBGVaxb2wgRY1t/M2Bj73HTPgtyqnctqE7kGYNCMeC0QrwkaEwgGtsJdng58MybfCJQf7iBfr4gzGA6Ybra+Y9saj+hZoBEHgQcYrO/kx1ip/kCyQpoShnrsW1UaK6xDaXcv9QBAEUisrlfDNHrYVxt5FxGrlSVllbAobk5SX90cyk3+No31AWWrNVheBIadqOCfHA4/2pu0Ji/h/v1Yf87YadchAEKXlEPDFgU+AlzW6Tkq72Hlc4X7+1HKwZrPYb29wDbU905QZ301CBaXh86h2JNjghs8xhbjZBjkqzX7p93Eam+jJkmFDql5DLQ1cEOgsb/296qEjhpuZB3pi9ZHiArEe9mXNi+YD8sDdY0bml0xkvjVBJcqWBVhFAt4vgI2GPOugfWSxouhSK0Tt4ZdjyIlkBly2OTSbYqu5l7kvouCWBbu6bQt93H3+gmJ9539B7gmywJmVDLnF7dxfpX9vdXsGqQePMEG8/ZZF9Ku3bKTnFk7ZQXbmSKMByD9CDqGDWadRGLuPCheiXM1/qwhm+ZiaPD9C2F7OEWp0KeuQcvAN7W6MS4n0bwGsLXMfEscnboXou6nGktePdPt5OMOlyBCRwOOth/KSIQxbmdPlZggfqR/9gq3AQgr1nXOqHUoactXv6D+XgMyqeKxWZ/JdTqEhSk7yqqQkdBVxHep3IWAvErPh03Lw2DT8eGbKKn+GjhRHXdHM4J/9ilaJHLJ1jPjlgUv67ZAxZTJttgMncsHJoyrKham/faE2dtpFLkWxMLDtHJOUBMwg5hqG+2sas8nuRjfBHdBjb28aTtDuR4pvHiDGs2izFE3ULNhIuKbb21EDJfQsU068hRz+onkQBP7Kb7lrsjf9MBojCpM4j7uiwOLUIHlPO+eH6bvpJt+UHm8/BaWIQsJ989e6Mvzf7OiyyLJxAlnsz7nzreiUjgpA6BYjXOGN9hgKpTGqMOHIIxs51SuzrzPftCtRd/V8h6Rt0ZbmEXbYABr8z2DKFESixFb05szsqnnhKE0FjsYAgFX9Lj6Hg/7LM5AJ4/+vH0llhqM2+FlslcDefJVx3lMlKhwplsOQAdIXBo/rHLT9XnESSnHZAFMmJnwiqwLCbZcp2mSMf4IQKi2fYnqm49FcyaC2p/6LMuIayDvY50nBOfhOlzoV9DN44aJBLce1f2krV9wWlX2RqMvBfA744nxnQE8Y334hK+s8HwAsURikpSSk2zUhvQAe70ZmkxNsCKQ7TJen5knd3OKelwnxEZSMHDxTijdPj9qGgn+PZWr4U3IfYb6bv4fxdJgS0xRxydxZT+tQ4RCGvv6xAL2O6em5gtmQKO+hv9inBRDZwj6GlsJBJHguZh2bJLWbC19pUjCoZJAqeMG3ir9psBWM7JAB7mfUJZPluqNpZjwSW7i/bMZzdvISLK+saLhz5se1eGIwTakI6l9EqsD+o7S6bBLgS9aZ2tDQE1LDuTbDYze1dWk57E1R9MDvl7iPrdYnv8UmUpLdbiD3OdVJ5fybNudzKVpmPbggyfn4BobhdtgttuQOYMETlPCG+LfZLdxSpVbBT/iSphtMNRrusxMTXsaPkrj7patGVSoM4YkALBrjIcJfwDdUXf1BR5Z0dfDSvdinvgERwb3JGUwlTdDbEoTdIKzd2xbWQoyaeeWyoLaAgNmfdQ41copSaoYn+eBXuH5JZYwQtkGLLnIHYOCNiUIakw1Z9X8yqvLZvy/dlA1bu57E4aetqaK13KfLKYe+/8djfmK3yGG4X6yqfBUsn3X6Ma5W1uwSu0zx4in/MUZF2MVObelQBvvkgiKks6WY4T+s7htwmBqWazU9EhpYlLzVrr1AxW/2lwENwXN9ulnIhLZ31iipqqYAhU01sLS21zn5ZelX5EtbHeonwgbwJaYbfhCS+NPAfAHs+VJH1lKpFzpVtS60FKgU0tZDG1KEVv0CbWQ96rlaey+uzuZnIwAGbpKo+5wP0L/mkJsOAM8HjZgrelsRiaRutj9FaX/0Fc=
MIME-Version	1.0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 17:21:38.035816908 CEST	50058	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:38.035969973 CEST	56090	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:38.038707972 CEST	53	50910	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:38.043941021 CEST	53	60543	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:38.054754019 CEST	53	50058	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:38.058557034 CEST	53	56090	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:38.950431108 CEST	53	62242	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:39.978158951 CEST	54702	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:39.978313923 CEST	65407	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:41.410574913 CEST	53123	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:41.410763025 CEST	54278	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:41.420181990 CEST	53	53123	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:41.421806097 CEST	53	54278	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:42.062690020 CEST	55096	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:42.062994003 CEST	63005	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:42.082101107 CEST	53	63005	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:42.088587999 CEST	53	55096	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:42.844588995 CEST	52984	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:42.844733953 CEST	55391	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:42.852207899 CEST	53	55391	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:42.852557898 CEST	53	52984	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:50.516124010 CEST	49190	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:50.516294956 CEST	51252	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:50.698617935 CEST	62508	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:50.698766947 CEST	53718	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:50.706243038 CEST	53	62508	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:50.706819057 CEST	53	53718	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:53.809977055 CEST	50067	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:53.810138941 CEST	59705	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:53.810503006 CEST	49773	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:53.811336994 CEST	63321	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:53.817291021 CEST	53	50067	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:53.817461967 CEST	53	59705	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:53.817606926 CEST	53	49773	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:53.819302082 CEST	53	63321	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:53.819493055 CEST	65520	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:53.819890022 CEST	60130	53	192.168.2.17	1.1.1.1
Oct 21, 2024 17:21:53.827040911 CEST	53	65520	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:53.827447891 CEST	53	60130	1.1.1.1	192.168.2.17
Oct 21, 2024 17:21:54.389071941 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.698144913 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.806544065 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.806636095 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.807068110 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.807250977 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.807760000 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.809597015 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.809763908 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.810339928 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.810447931 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.898811102 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.898829937 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.898839951 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.898974895 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.899303913 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.899378061 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.901444912 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.902781963 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.902937889 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:54.903335094 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:54.988760948 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:21:55.015398979 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:21:55.879167080 CEST	53	63677	1.1.1.1	192.168.2.17
Oct 21, 2024 17:22:09.674556971 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:09.674747944 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:09.765991926 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:09.768043995 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:09.768083096 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:09.768456936 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.543443918 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.543942928 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.544820070 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.634660959 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:10.634972095 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:10.635478020 CEST	443	63339	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:10.635797977 CEST	63339	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.852554083 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.964426041 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:10.964443922 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:10.964457035 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:10.964493990 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:10.966913939 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.968089104 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.968292952 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.968547106 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:10.968882084 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:11.064764023 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:11.064883947 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:11.064896107 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:11.064908028 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:11.064918041 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:11.064974070 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:11.077303886 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:11.079446077 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:11.079550028 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:11.168205976 CEST	443	56545	172.64.41.3	192.168.2.17
Oct 21, 2024 17:22:11.201706886 CEST	56545	443	192.168.2.17	172.64.41.3
Oct 21, 2024 17:22:14.773718119 CEST	53	61121	1.1.1.1	192.168.2.17
Oct 21, 2024 17:22:37.353140116 CEST	53	55891	1.1.1.1	192.168.2.17
Oct 21, 2024 17:22:37.993804932 CEST	53	53368	1.1.1.1	192.168.2.17
Oct 21, 2024 17:22:48.627293110 CEST	138	138	192.168.2.17	192.168.2.255
Oct 21, 2024 17:23:06.976638079 CEST	53	55933	1.1.1.1	192.168.2.17

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:32 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-10-21 15:21:32 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-21 15:21:33 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 21 Oct 2024 15:20:32 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: f0534a14-53ec-47de-84db-190e55522cdd PPServer: PPV: 30 H: PH1PEPF0001B7DD V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 21 Oct 2024 15:21:32 GMT Connection: close Content-Length: 11392
2024-10-21 15:21:33 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:34 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-10-21 15:21:34 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-21 15:21:34 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 21 Oct 2024 15:20:34 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: c4fbb65a-b56e-4e39-b92c-bb6ed09ce82f PPServer: PPV: 30 H: SN1PEPF0002F8DE V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 21 Oct 2024 15:21:33 GMT Connection: close Content-Length: 11392
2024-10-21 15:21:34 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:35 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-10-21 15:21:35 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-21 15:21:35 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 21 Oct 2024 15:20:35 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BL2 x-ms-request-id: 36b7d7c5-da2b-4d63-971b-c251233d9025 PPServer: PPV: 30 H: BL02EPF000270CC V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 21 Oct 2024 15:21:34 GMT Connection: close Content-Length: 11392
2024-10-21 15:21:35 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:35 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=duZveDGKDdT+ygm&MD=4+SAO1DX HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-21 15:21:35 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: a92005ee-0ab8-427a-a4ff-5ae78d1af3a0 MS-RequestId: 71e835b5-cedc-4583-9b06-4babee1fb8ab MS-CV: K9GHLV7RKEaM1EYK.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 21 Oct 2024 15:21:34 GMT Connection: close Content-Length: 24490
2024-10-21 15:21:35 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-21 15:21:35 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:36 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4742 Host: login.live.com
2024-10-21 15:21:36 UTC	4742	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-21 15:21:36 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 21 Oct 2024 15:20:36 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BL2 x-ms-request-id: e756a0c9-e4da-4b2a-b330-e08c5903219b PPServer: PPV: 30 H: BL02EPF0001D883 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 21 Oct 2024 15:21:35 GMT Connection: close Content-Length: 10197
2024-10-21 15:21:36 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:38 UTC	1166	OUT	GET /?url=https%3A%2F%2Favbbr-rb3qaue3c.us22.list-manage.com%2Ftrack%2Fclick%3Fu%3D3cdf2d74abf222c6b4ae493d3%26id%3D7094920e5c%26e%3Dc056d10030%23hgillette%40santaclaraca.gov%23&data=05%7C02%7Chgillette%40santaclaraca.gov%7C7ee52c5c09bf488155e008dcef55275f%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638648396288656756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oG3JRRL%2FQQlVv4k9WjUfqnkVh4si7y9AZlV44Gtc10Q%3D&reserved=0 HTTP/1.1 Host: gcc02.safelinks.protection.outlook.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-21 15:21:39 UTC	693	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: https://avbbr-rb3qaue3c.us22.list-manage.com/track/click?u=3cdf2d74abf222c6b4ae493d3&id=7094920e5c&e=c056d10030#hgillette@santaclaraca.gov# Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 4.0 X-SL-GetUrlReputation-Verdict: Good X-Robots-Tag: noindex, nofollow X-AspNet-Version: 4.0.30319 X-ServerName: DM3GCC02WS903 X-ServerVersion: 15.20.8093.014 X-ServerLat: 1166 X-SafeLinks-Tracking-Id: 716dcd7b-a5ba-40b1-e857-08dcf1e40f10 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff X-UA-Compatible: IE=Edge Date: Mon, 21 Oct 2024 15:21:39 GMT Connection: close Content-Length: 264
2024-10-21 15:21:39 UTC	264	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 62 62 72 2d 72 62 33 71 61 75 65 33 63 2e 75 73 32 32 2e 6c 69 73 74 2d 6d 61 6e 61 67 65 2e 63 6f 6d 2f 74 72 61 63 6b 2f 63 6c 69 63 6b 3f 75 3d 33 63 64 66 32 64 37 34 61 62 66 32 32 32 63 36 62 34 61 65 34 39 33 64 33 26 61 6d 70 3b 69 64 3d 37 30 39 34 39 32 30 65 35 63 26 61 6d 70 3b 65 3d 63 30 35 36 64 31 30 30 33 30 23 68 67 69 6c 6c 65 74 74 65 40 73 61 6e 74 61 63 6c 61 72 61 63 61 2e 67 6f 76 23 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://avbbr-rb3qaue3c.us22.list-manage.com/track/click?u=3cdf2d74abf222c6b4ae493d3&id=7094920e5c&e=c056d10030#hgillette@santaclaraca.gov#">here</a>.</h2></body>

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:41 UTC	1377	OUT	GET /ls/click?upn=u001.viGU38YukUtIGED3xC-2FGZVVRTa8EQFrXUNq6P7v2HlSzf3J6EESK8xb0jfveQsEBZypXCaKcEhx5bb3L3ICkkhztNbCwiq1sFZKeng-2FI69YJzHKrsERxgWrKmR63SxJZ9KCLXcK4xUcWHfbfu5hevuQVFFNApx-2F8NGHiSPFzqe3-2BMAPnzXLXMjxF0o9e-2FvvW4JBD_2Rm0-2FS-2FJF-2BLH33iip41NYhQwe4HGorVV87kkY-2BZe-2BjYuS-2FBX3aFc1572-2FjYDbqEhZBU-2B1BLjshLrRtnmcIF6JcynI8pDqHRo5m1Xj-2FMj9PxI9xRRWwPvd8896vPxgCp61xoUzIBqcz5TAOihGDphxLBXyw5Eg7-2F5IBWE4VUjhfNJFOa6frl8Zto3ZQToQ3KwMu5aboIEADgZLVkPsSF7m0YRoX47natiyv0BOXToIW471V08sbfTDqhkPUqvTX-2FMZRkws5G-2BYiVkuEyx3pYhK-2Bw17GWDAE36jDfot-2F8UFq1HLsEjDW-2F-2BkGQ4yqCgNTsQSxhyWCxjGKn6teGhDZVl4oqgGFt2YXLiULX-2Fiq4-2Fco1MDzpqxXw-2F4tVWZGPBnNL984rImyAdJhDGx0N-2BNgXqdAACaqqwvVHw4x4J65gwn43gHrJshLRM7DzroSVH1srF HTTP/1.1 Host: link.mail.beehiiv.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-21 15:21:42 UTC	664	IN	HTTP/1.1 302 Found Date: Mon, 21 Oct 2024 15:21:42 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Location: https://milesofsmilesfoundation.org/?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post X-Robots-Tag: noindex, nofollow CF-Cache-Status: DYNAMIC Set-Cookie: __cf_bm=jqGF.szNHTlWcp2sVDTHR8loDXwuRhaGq_P2rX9XBsg-1729524102-1.0.1.1-23SR8_pMaAEzqaJTKDFHbZDcfyTPXF7CZq8hslTBhiCfuQcX4381zZJ7_WUhDCaGh0Z4XnUf1Gu4XrfYGLYXtQ; path=/; expires=Mon, 21-Oct-24 15:51:42 GMT; domain=.beehiiv.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8d623d24feb96a5e-EWR
2024-10-21 15:21:42 UTC	164	IN	Data Raw: 39 65 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 69 6c 65 73 6f 66 73 6d 69 6c 65 73 66 6f 75 6e 64 61 74 69 6f 6e 2e 6f 72 67 2f 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 6d 61 72 79 73 2d 6e 65 77 73 6c 65 74 74 65 72 2d 65 38 35 37 62 63 2e 62 65 65 68 69 69 76 2e 63 6f 6d 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6e 65 77 73 6c 65 74 74 65 72 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 6e 65 77 2d 70 6f 73 74 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a 0d 0a Data Ascii: 9e<a href="https://milesofsmilesfoundation.org/?utm_source=marys-newsletter-e857bc.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post">Found</a>.
2024-10-21 15:21:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:50 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:50 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Mon, 21 Oct 2024 15:21:49 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=436842ee8924729835dcf04d775f0933f840858fe9ce2ecfe11725e4533a4712;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=436842ee8924729835dcf04d775f0933f840858fe9ce2ecfe11725e4533a4712;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:50 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-21 15:21:50 UTC	465	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=5022 Date: Mon, 21 Oct 2024 15:21:50 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:51 UTC	594	OUT	GET /crx/blobs/AYA8VywseXPF6DpmaP2KXF4TdJ6uz1pHJdo7SIzf64awZn_DsPwbF0Oii_eW16b6DjZW2yznOTlm_VxQeAWAuOcWr9enBdMY228AFVKEGaLo1DSnWlaxBThs2IAXfaAO1h0AxlKa5Znxy93x0I97CvvQ6KVcNCMVw4_g/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_82_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:51 UTC	566	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135800 X-GUploader-UploadID: AHmUCY0pqY6lD4n7E1MPPFNzsMrw41n-ud5Jh_x8LAuBSbZ3YDB9Om_AE15TEdWH_3Hcmbe57IM X-Goog-Hash: crc32c=2rkoIg== Server: UploadServer Date: Mon, 21 Oct 2024 03:47:40 GMT Expires: Tue, 21 Oct 2025 03:47:40 GMT Cache-Control: public, max-age=31536000 Age: 41651 Last-Modified: Wed, 25 Sep 2024 18:28:43 GMT ETag: c770f43b_2e4e8419_a87d1040_314358aa_d4b28262 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-21 15:21:51 UTC	812	IN	Data Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: ba 97 f1 5f ff f1 43 56 b7 f2 f3 32 8c 97 6b ff e3 2f 3f c6 cf aa aa f3 5b fd a7 a1 fa fc d3 e9 a2 aa 1f 7f fe 71 bb 9c fb 4a fe bd bc f6 63 d5 8f 3f fe f2 8f 1f 43 fe 54 d7 5c ea cf 57 cf a0 29 4c db 10 dc 36 52 b3 ae 4b b3 56 e5 f3 f0 c2 ad db 25 eb a6 af cc 1c 4f a5 a9 5e 44 72 78 41 fb 9f 36 ba 3c 2e c2 53 bd 48 91 71 68 ae 17 fd f9 3a 6c a8 79 f8 fe 7b a7 6e 22 0d 2f 91 1a 7f 3d f4 4e 2d bd f3 25 ba 1c a6 b0 39 df 4b cf ee bf 3f 53 76 db 2f 09 b7 d7 2c 45 d7 ef ef 0b 13 71 f1 34 26 ce cf cf a4 1d 31 62 70 a4 dd d8 08 0f 75 79 47 81 9c d9 a1 04 01 42 40 ec 48 17 3c 73 3f d8 54 9e b0 c5 33 d8 1e fd db a5 f4 a0 91 ef 0e 2f 07 b5 bd 15 26 aa 0b 8f cd 47 13 76 47 13 a8 d2 42 b5 30 f5 75 37 cc 85 b9 b9 1c 77 c1 b3 30 b7 ff 9e e7 f7 b3 05 53 ee aa 9e 59 f5 Data Ascii: _CV2k/?[qJc?CT\W)L6RKV%O^DrxA6<.SHqh:ly{n"/=N-%9K?Sv/,Eq4&1bpuyGB@H<s?T3/&GvGB0u7w0SY
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: 8c e8 90 08 7f c8 2b 5e bb f9 de 41 cc 98 dc 84 c5 1b d6 04 22 eb da 27 82 a5 ad 63 16 2d b2 d7 de 7f e5 f8 38 9b d9 24 52 5d ef 15 36 91 61 58 94 c1 5c ba c8 2b f6 30 ce 7d 84 43 e5 5a b2 ab 77 d8 85 5a 03 02 5c 3e 81 8f 0d f9 b5 38 7e 7f 58 eb b9 37 64 0e c6 b0 57 4a 18 93 73 a4 e8 11 d2 b1 a3 4a ee 8a bd 74 93 bd 0c 4a 2a 62 0c b0 53 f6 5a a3 a9 d6 23 46 a7 d0 5f 5e fb f2 ff a1 c1 65 83 87 cc a8 95 f4 c5 67 6e aa 34 71 c3 91 f8 8e 1b 37 a2 17 66 90 e1 4e 87 82 e5 5c 84 2b 32 da 89 f7 52 41 07 9b 72 b3 9c 7b 72 2d ff 51 fb dc 0d f6 84 8b e6 ba 95 6e 60 12 00 3b e4 0b 91 1b c3 91 cc 5a 03 3c cc 43 ff a7 19 9b 8f 07 f3 71 9c 51 bc af ba f3 63 91 bf b5 36 f7 06 17 29 d8 a6 d6 f0 26 95 3b 47 b0 6e 09 40 14 5b 75 a0 7b 8c 44 b4 60 d6 bd 0e d5 f5 c0 8b 0d f0 Data Ascii: +^A"'c-8$R]6aX\+0}CZwZ\>8~X7dWJsJtJ*bSZ#F_^egn4q7fN\+2RAr{r-Qn`;Z<CqQc6)&;Gn@[u{D`
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: f5 09 d3 ed 90 b3 d7 89 ea 7e 94 77 8b fd d5 bd 58 b9 b7 a2 7b c5 17 ed d9 73 4a e4 91 70 dd 47 75 cc c6 56 b0 ab ba e9 3d 4a 8c 67 e9 cb cf dc c0 29 23 70 9f c0 01 e6 b3 68 45 a7 fb 8e 25 f6 96 53 af f5 39 11 dd d8 94 07 9d e0 07 40 00 fb 40 ed e0 0a 6e d7 bc 81 88 d0 31 c6 9e 7d 27 5d ad b8 0b cd 84 21 bb ea e0 07 d6 b1 b9 c4 be f4 56 b2 57 03 cd 1b 28 ca c6 b9 94 7c 7b 24 14 9b b1 85 37 a2 13 6f 19 71 be 88 76 fd b8 dd d6 88 6f 9f cc c8 00 69 5f 41 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 be 3b 09 78 b6 44 3b 68 e6 41 cf f6 78 4c 3a 14 11 57 eb 10 6d 1f df fb 8d c4 1b 6e 99 25 be f3 af cd fa e0 19 7a 87 e7 ff c1 df 48 81 43 d7 c6 3f 03 db 83 4c 1d 83 bb e3 5b 6c 6c fd 42 21 1e cf ac 4d 60 3c 53 d8 da 9c 8f 2f e1 de c9 12 22 41 49 d1 15 ab a1 11 33 Data Ascii: ~wX{sJpGuV=Jg)#phE%S9@@n1}']!VW(\|{$7oqvoi_Ab \b\|wt;xD;hAxL:Wmn%zHC?L[llB!M`<S/"AI3
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: fe d0 14 9d 6b 64 fd d9 e2 e4 e7 94 b7 a2 c7 ba ce 55 0c bd 70 2f b6 11 91 34 37 b7 9f a4 97 1d e6 f0 49 4d d0 ea bc ff dd bb 0b fd 1c bd 60 5b 55 70 3d 77 b8 fd 66 30 94 7e fc 5f c6 0d 40 08 61 5d 00 dd 2f ef 95 cd 58 3d 12 b7 8e 73 0e 93 b2 41 2e 6e c7 bd f6 36 43 6c 9d 37 12 28 8a 40 fb 2c dc 31 0b 55 f0 bb f5 2d 4d f6 94 9d 6a f4 d8 56 61 05 9f 3a ce 4e 59 a7 ee a9 e5 e8 31 ff eb f8 28 57 41 82 1b d8 54 7d 30 73 1e 3e 63 f6 ad 71 07 80 5c 31 c4 c4 dd e0 14 be 23 4b 36 d8 d0 3a e7 d6 3d 31 ae a3 6c d4 7c e8 81 d4 f7 eb f4 58 63 96 c6 df f7 32 be 99 ff 3b 96 6e 87 ee 9f e7 2d 4f 7f 78 ce f2 5f df 1d a4 c7 c6 d4 54 ed bf ce 4a d6 3a 46 ed 7b ae e3 42 f0 f1 51 f0 ad ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d5 9f b9 d7 5e fe f7 bb 96 8e e7 1e 0d df b9 f3 Data Ascii: kdUp/47IM`[Up=wf0~_@a]/X=sA.n6Cl7(@,1U-MjVa:NY1(WAT}0s>cq\1#K6:=1l\|Xc2;n-Ox_TJ:F{BQL^tVtW^
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: 7a 17 34 66 e3 23 20 39 a3 3c 1c b8 4e 0e 23 e4 8b e5 9c 4c e3 f1 f0 f4 e7 94 66 03 a3 73 11 7d 1a 13 06 c8 3b 74 bd 3f 5a fb 8f 9f 3e 7d da a4 91 fb a9 a6 0a 00 d2 40 43 b4 d1 9b a5 13 86 33 b7 40 6b 0f 86 85 bc f0 6a 25 cf 40 74 87 b6 74 ed 60 34 fb 8b 3f 7d ee d9 8f 7b 03 36 3c 4d 13 55 ac f5 48 7f 94 cf f0 fa fe b6 7e 2d 9f 9f 0f c6 cc fe f1 e8 01 fd 70 24 26 d7 1c cf 8f 61 96 f1 93 48 6e b6 58 e2 6f 12 fe 3a 8e 8e e3 6e 37 10 bb 35 09 4d ba b5 b9 29 5f 6b a0 03 f2 6e 58 45 60 6d 8d cf b7 c3 de 55 02 9c 01 e6 8b 6d 0a 88 ed 2d 15 29 33 76 6d 26 48 d9 d5 28 bd 98 b5 81 ca b1 e3 12 d8 bb 61 35 13 59 6a d2 a8 29 63 61 f2 92 13 f8 e1 33 03 85 e9 05 d0 08 06 88 73 1e 46 81 20 c1 d9 24 4d 7f a7 9b 9b ae f5 1b 1a f2 ed 17 91 e7 e9 3e 55 a3 33 cd 8c 04 64 f9 Data Ascii: z4f# 9<N#Lfs};t?Z>}@C3@kj%@tt`4?}{6<MUH~-p$&aHnXo:n75M)_knXE`mUm-)3vm&H(a5Yj)ca3sF $M>U3d
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: ee ab c6 fa 25 49 00 e8 bd 7c 45 9c c6 ea 02 09 4e a9 17 2d b1 bb 87 7e 4f eb 3e 02 35 0e 2d cc 50 55 df c4 40 31 60 40 43 f7 10 9f 65 e7 6f e1 f5 29 fe bb 5c b6 7b 8c d8 c9 d0 3f f5 2f c2 92 40 c1 7b 1a 86 87 c1 69 d8 43 75 8e 66 09 40 82 c5 f4 87 9e df e7 0c 49 2e f1 85 3d 0b ea cb 82 b7 a1 d5 d1 1c 5d 4e 68 57 68 59 c6 d6 cf de bb 12 5c 63 d8 90 0c a3 05 fc 6d 08 3b 9e 73 81 e0 0e bd dc 6e 17 e6 4b c9 18 2c 4a f8 19 54 98 53 58 01 a0 6f 44 dc da 40 06 b1 d9 80 b3 d8 a1 21 fe 9c 70 09 a9 83 68 d7 17 24 fd 84 0b 3e 7d 4f 09 84 4d 9c 87 58 f2 30 a1 67 5c e1 2a 20 94 65 37 1f 58 4b 9f 4b 6f 58 8f c5 e9 6d 6b c9 9d 02 c3 85 92 fe 69 38 14 aa 59 b0 71 ca 95 33 fd ca 4b dc 53 a1 a1 11 b2 43 7d de 21 e0 6b d5 d6 c0 06 fb 61 21 1b 94 7b 99 9a ed 24 ee 71 d7 2b Data Ascii: %I\|EN-~O>5-PU@1`@Ceo)\{?/@{iCuf@I.=]NhWhY\cm;snK,JTSXoD@!ph$>}OMX0g\* e7XKKoXmki8Yq3KSC}!ka!{$q+
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: e2 f3 ca 57 eb 03 ad 3a ec 69 9b ef a4 d7 10 7c da 4b 1a 2e 8a 14 53 9b 68 bf c1 01 76 5c fe 97 bc a0 31 ec d4 06 ed 66 1f 04 7b f1 81 d3 93 c5 42 30 06 09 ce 02 c1 e9 df 11 cd 95 66 24 df 12 99 35 7f 98 7c c0 ae a8 8a 11 5f 40 1a ac a7 bd b5 e5 6f 34 3d 62 43 e6 84 e3 41 ca 26 a6 61 a3 82 c6 ac c0 b4 44 74 ec 16 2d ae 5b 28 6c dd 50 50 e4 63 b4 2b 59 fc 5e 55 72 0d d8 8b e5 47 98 13 7e d8 f5 c5 ae ad 70 c9 c6 bc 81 d5 c6 01 fa 80 6e be 68 ae 8b 6a 96 d9 22 7c fb 47 cd d5 a8 b9 72 2b d4 f6 35 ed dc a9 6c 88 4f b0 d4 14 10 f3 7d 66 1a 28 ca ca 34 2e 88 41 bd 80 e6 1b 7a b4 a0 f9 a7 a1 a0 35 30 6f 52 92 fa fe 29 ed 4f 24 fc 64 47 b7 3a 5d f5 79 57 00 3d 90 66 2f 31 fe 54 c6 36 a4 b3 b5 e2 4d ac dd 47 40 b0 90 58 a1 0f ce bb 8a 81 71 c5 46 34 0c 4c 22 09 e3 Data Ascii: W:i\|K.Shv\1f{B0f$5\|_@o4=bCA&aDt-[(lPPc+Y^UrG~pnhj"\|Gr+5lO}f(4.Az50oR)O$dG:]yW=f/1T6MG@XqF4L"
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: bb 5a fa e7 24 18 2e 16 18 16 a7 69 f1 4c d0 62 8e 7a 73 e6 3a 7b 87 ef 8e 3e 7f dc ff f9 fc 70 e7 c5 91 43 a1 d3 40 66 f1 a4 89 84 ab 10 18 58 3b d2 16 ec b9 88 a8 af 3c f6 12 85 e7 e2 e0 00 33 0f 0e a0 54 15 46 c7 18 21 db f5 23 21 ce c9 d0 02 0c b2 53 db 58 bb c5 d9 4a dc 3b c3 13 30 1b ca 95 d0 89 da ac c3 b7 7b 6f 4a 7f a1 46 c7 61 74 92 a1 1d b5 1d 6c d9 51 4d 03 c7 e4 9f 16 8b c8 74 ad ae 8d 7d d7 63 39 af 1a 8b d1 ae 6a 4b 00 8c f7 a0 9d b4 e4 7a 60 a1 13 f3 75 fe 39 87 ed b7 f6 88 89 7f 89 d1 07 3a 66 fa 37 93 67 bd e4 aa 90 44 d3 60 a7 a7 03 98 71 23 02 39 d1 57 d4 c1 70 c7 ec 30 e3 90 d8 06 b3 fc 7a 44 41 ca 54 e7 e9 b6 54 2c ca 44 74 8a f6 50 11 7b 20 2b f9 db da aa 60 c7 d4 a5 b7 aa ef 05 e5 52 f3 d1 b4 e8 65 33 31 b3 14 84 29 85 88 e2 5d 84 Data Ascii: Z$.iLbzs:{>pC@fX;<3TF!#!SXJ;0{oJFatlQMt}c9jKz`u9:f7gD`q#9Wp0zDATT,DtP{ +`Re31)]
2024-10-21 15:21:51 UTC	1378	IN	Data Raw: a0 7f dd 39 f2 14 14 bb 54 7c 41 4b fa d2 4f 4b 63 d2 58 41 03 6b 2e db 55 df 60 3c cd 25 4c f8 ba ba eb 6a 2e 01 30 6b e0 70 33 18 fe bf 81 82 46 ca 22 e2 fd e6 11 a8 50 2e 5b 00 27 db 6a 3d 78 f8 b8 65 30 c7 5e a9 cc fd 07 bc d0 c3 3f 85 00 78 12 21 05 e9 e3 bf ba e5 81 81 ee 1b 25 ff bd 11 1b c8 f0 d8 58 d8 8f 8c fe 86 e6 46 61 22 0c 5a 6b ed 56 94 f4 46 d9 1a 00 1a b9 a5 5b c8 ac 28 ba f9 91 39 b0 72 75 1c 90 c8 f0 82 8e 6f 2c ba d9 ea 6c 90 34 46 73 1d 2b 7b c0 79 63 b7 97 1f 8c 66 d5 bb 57 7e 75 9b b4 81 a3 5e 8e c6 42 1e c8 28 8d b5 2b e6 75 43 e7 f4 7f 45 e1 38 ea 88 46 d6 94 f7 84 49 db 9f e8 26 4b 36 7e b3 c9 69 55 93 a5 f2 b2 49 c3 8a 14 29 85 47 c2 e6 a9 74 bf e8 c0 03 e3 ab ca 20 41 49 69 c2 48 9f 50 d3 62 ce 8a bd 48 8a 37 20 d6 f8 29 3f 53 Data Ascii: 9T\|AKOKcXAk.U`<%Lj.0kp3F"P.['j=xe0^?x!%XFa"ZkVF[(9ruo,l4Fs+{ycfW~u^B(+uCE8FI&K6~iUI)Gt AIiHPbH7 )?S

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:51 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-21 15:21:51 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25932 Date: Mon, 21 Oct 2024 15:21:51 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-21 15:21:51 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:53 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:53 UTC	557	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:53 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: e3495b04-d01e-0065-4fcc-23d95a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152153Z-178ffc65759s7gvj790ueq542n00000008d0000000005ddw Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:53 UTC	15827	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-10-21 15:21:53 UTC	16384	IN	Data Raw: ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c 87 07 e7 d4 da 16 34 27 65 eb d7 87 be 44 96 29 71 b2 3a d6 Data Ascii: [T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp4'eD)q:
2024-10-21 15:21:54 UTC	16384	IN	Data Raw: 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d d9 e8 78 24 ab 24 51 69 66 82 d7 44 e8 1d cf c8 e2 16 60 37 Data Ascii: kD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-x$$QifD`7
2024-10-21 15:21:54 UTC	16384	IN	Data Raw: 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 6e 30 91 49 05 4e 42 60 22 53 9e 67 6f 08 ac 30 cf 05 cd b5 Data Ascii: sg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M,SqPn0INB`"Sgo0
2024-10-21 15:21:54 UTC	16384	IN	Data Raw: 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e 6f 2b 5e 74 f2 ea 6e 17 ed 6d 37 04 2d f5 5a 8e f8 43 2b c3 Data Ascii: MR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.Vo+^tnm7-ZC+
2024-10-21 15:21:54 UTC	16384	IN	Data Raw: c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 4e 60 6b e1 20 c2 ba 99 b8 6d 1e 51 d5 3c d5 da e1 b5 2c a1 Data Ascii: yfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\N`k mQ<,
2024-10-21 15:21:54 UTC	16384	IN	Data Raw: 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 45 bf 50 93 bc bc 7d c3 e9 75 22 5d 68 d9 1e 50 8f 5c 23 a1 Data Ascii: b.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>JcEP}u"]hP\#
2024-10-21 15:21:54 UTC	16384	IN	Data Raw: 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 c6 95 ea 57 bd 73 50 18 1d 54 fb 07 d5 da 41 bd 99 aa 6f 53 Data Ascii: u\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{OWsPTAoS
2024-10-21 15:21:54 UTC	16384	IN	Data Raw: f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 65 5d 3f 2f 1b ab ff 79 9a 2b b3 79 5d 62 4f 7c d5 ff 34 22 Data Ascii: Jj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@e]?/y+y]bO\|4"
2024-10-21 15:21:54 UTC	16384	IN	Data Raw: 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 cb e9 d4 75 42 52 43 29 e8 e5 94 bf 82 e4 a6 c8 40 37 67 5f Data Ascii: IdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>uBRC)@7g_

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:53 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:53 UTC	556	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:53 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Wed, 25 Sep 2024 23:20:16 GMT ETag: 0x8DCDDB89D35644B x-ms-request-id: cb2b920e-001e-006c-6ecc-23c3d4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152153Z-178ffc65759h6zr9gshwvg1mgg00000008u0000000002m9a Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:53 UTC	15828	IN	Data Raw: 1f 8b 08 08 b0 9a f4 66 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: fasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-10-21 15:21:53 UTC	16384	IN	Data Raw: 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 c1 d0 1d 5d d0 58 b3 51 22 09 e8 37 c0 b1 dc 86 43 a9 41 db Data Ascii: e\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:]XQ"7CA
2024-10-21 15:21:53 UTC	16384	IN	Data Raw: 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b 70 5a 19 73 3e 85 d2 c6 f8 80 22 71 cd f5 40 34 cd c4 ce 27 Data Ascii: kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkXpZs>"q@4'
2024-10-21 15:21:53 UTC	16384	IN	Data Raw: 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc 9c d4 76 22 35 66 3f 5d d9 fb 8e 7d 65 84 fb 4f 5b 04 9b a8 Data Ascii: _CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;v"5f?]}eO[
2024-10-21 15:21:53 UTC	5227	IN	Data Raw: 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e 26 d2 d8 ca 80 2c 56 f9 34 27 86 21 28 e6 0e 92 0c 4e 75 b7 Data Ascii: a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.&,V4'!(Nu

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:54 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-10-21 15:21:54 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-10-21 15:21:54 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 21 Oct 2024 15:21:54 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8d623d728d6f17bd-EWR alt-svc: h3=":443"; ma=86400
2024-10-21 15:21:54 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ff 00 04 8e fa 51 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomQ)

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report (No subject) (90).eml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\19e9eca9-f523-41f9-a8c3-a994b5f3455e.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\228fbea3-2398-4397-90d5-d76ea0fc83cb.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\450d1880-9fe4-4feb-aa93-ddd82d7a4e39.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5c454edc-a43f-4021-b810-148ca536901c.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\61272426-af83-43cf-bc67-52e3031c26bd.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\f1455a2d-336d-4887-89ed-652c8792d8ba.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6716718B-F38.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6716718C-1C80.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2c9eb6fa-38fb-46ed-b46c-285d6104e22e.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\897548e3-bb91-429b-8025-db636f250649.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\988f75bb-291f-4582-ba41-2e084a1d6096.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Windows Analysis Report
(No subject) (90).eml

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:55 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:55 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:55 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: 44d331bd-d01e-0021-26cc-230536000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152155Z-178ffc65759tbh4guw9nprg7en00000008dg000000003nv9 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:55 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:55 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:55 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:55 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 1b57804f-c01e-0017-43cc-23a864000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152155Z-178ffc65759jpznb60zg85y41000000008eg00000000cppa Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:55 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:55 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:55 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:55 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: 45892ece-a01e-006a-11cc-2334ac000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152155Z-178ffc657596nmltszqv4dpv1800000008t000000000pngg Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:55 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:55 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:55 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:55 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: cb2b9aee-001e-006c-2acc-23c3d4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152155Z-178ffc65759s7gvj790ueq542n000000088000000000rqfr Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:55 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:55 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:55 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:55 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: 50cfb690-401e-0006-02cc-239f7f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152155Z-178ffc65759ltvfqk1p4048kt4000000088g00000000fhd1 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:55 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:55 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:55 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:55 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: 8ec900ac-c01e-001c-27cc-23b010000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152155Z-178ffc65759tbh4guw9nprg7en00000008ag00000000fhv6 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:55 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:56 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:56 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:56 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: 5fef100a-901e-0069-07cc-2337ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152156Z-178ffc65759sqv7lrwy1666yds00000008gg00000000vc61 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:56 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:21:56 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:21:56 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 21 Oct 2024 15:21:56 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: e34963ac-d01e-0065-02cc-23d95a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241021T152156Z-178ffc65759s2lrrn1hbsvp3a800000008q0000000006hm8 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-21 15:21:56 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:22:10 UTC	620	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1730128911&P2=404&P3=2&P4=dPAPCeCU4n%2bvMAeY1OGLudYGfgHb%2b4GKjtlYXcqpW9fA2v6SyGlYlYB0rf1SQlgZN%2fC6NbXluDz%2bqLfq33rq9g%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: apwiqwA4KSjHpW6UnW1X/A Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-21 15:22:10 UTC	1243	IN	HTTP/1.1 200 OK Content-Type: application/x-chrome-extension Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT Accept-Ranges: bytes ETag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.3 MS-CorrelationId: e13f0f62-d9cc-4e0d-b86b-192cc00e5ac6 MS-RequestId: a501378a-aec6-4c3f-a763-219ecb864996 MS-CV: hYSYxd/OqRM4hEciWeuq/9.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Cache-Control: public, max-age=86375 Date: Mon, 21 Oct 2024 15:22:10 GMT Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" Connection: close Akamai-Request-BC: [a=23.45.172.34,b=13738507,c=g,n=US_NJ_EDISON,o=20940],[c=p,n=US_NJ_EDISON,o=20940] MSREGION: X-CCC: X-CID: 3 Akamai-GRN: 0.22ac2d17.1729524130.d1a20b Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC Access-Control-Allow-Headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *
2024-10-21 15:22:10 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Timestamp	Bytes transferred	Direction	Data
2024-10-21 15:22:12 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=duZveDGKDdT+ygm&MD=4+SAO1DX HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-21 15:22:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 7a331db9-58f8-4626-b976-5cac6084e02a MS-RequestId: 9c3c54cd-ae79-4cd7-be31-050ab5f3864c MS-CV: 86fgFmq3S0e781UC.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 21 Oct 2024 15:22:12 GMT Connection: close Content-Length: 30005
2024-10-21 15:22:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-21 15:22:13 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro