Edit tour

Windows Analysis Report
ALERT Home Network Breaches.msg

Overview

General Information

Sample name:	ALERT Home Network Breaches.msg
Analysis ID:	1541824
MD5:	e312253d31d6b4b953a6278e55b0dff8
SHA1:	1f1edb998ac689a959633188721556b027b4bec9
SHA256:	4f2b29decdf15a7991b5a1d16558b0ad2aa391a62161e1cff82193375c632651
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected potential phishing Email

Detected non-DNS traffic on DNS port

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Sigma detected: Suspicious Office Outbound Connections

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

OUTLOOK.EXE (PID: 7220 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ALERT Home Network Breaches.msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 3672 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A24419E8-483F-4BAD-AFA0-862110806469" "21090EE9-A3D3-48F4-85F1-1F3FE46118D9" "7220" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

msedge.exe (PID: 6708 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BCYP2J7W\email.mht MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5864 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2088,i,16850093930292560535,15653450575445614346,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3092 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BCYP2J7W\email.mht MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7856 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7784 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5180 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7872 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6800 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7220, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BCYP2J7W\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7220, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.7, DestinationIsIpv6: false, DestinationPort: 49727, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 7220, Protocol: tcp, SourceIp: 3.221.165.56, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.221.165.56:443 -> 192.168.2.7:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.7:50845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:50846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:50847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:50848 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.7:50844 -> 162.159.36.2:53

Source: Joe Sandbox View	IP Address: 13.107.246.43 13.107.246.43
Source: Joe Sandbox View	IP Address: 94.245.104.56 94.245.104.56

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3

Source: global traffic	HTTP traffic detected: GET /Xc2F5Q2MvV1JEczJGT0JwRHVOc1JBNERpQnFENVFUa0lxL1VnalhLZmNtd3cxbW01Z1VROVV4YmlDYlFpSTNmODJCUnJvZ2dJNThnTVZjUTFwUXJ0NGEzSEVCZG11ODN5WjcveHJBZ3RWVmV5RFNEMlA4YVVSZz09LS13aDdBWGZMQUZaZXFhejc4LS1LQkZLc1k1OVIyRyswd0lOQkdJdTZ3PT0=?cid=2242420613 HTTP/1.1Accept: /User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: temp.farenheit.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.51
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=RToFbP2zyT+tRPF&MD=8+gC+wLT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Xc2F5Q2MvV1JEczJGT0JwRHVOc1JBNERpQnFENVFUa0lxL1VnalhLZmNtd3cxbW01Z1VROVV4YmlDYlFpSTNmODJCUnJvZ2dJNThnTVZjUTFwUXJ0NGEzSEVCZG11ODN5WjcveHJBZ3RWVmV5RFNEMlA4YVVSZz09LS13aDdBWGZMQUZaZXFhejc4LS1LQkZLc1k1OVIyRyswd0lOQkdJdTZ3PT0=?cid=2242420613 HTTP/1.1Accept: /User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: temp.farenheit.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=RToFbP2zyT+tRPF&MD=8+gC+wLT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=RToFbP2zyT+tRPF&MD=8+gC+wLT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr

String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: temp.farenheit.net
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com

Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.aadrm.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.cortana.ai
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.office.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.onedrive.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://api.scheduler.
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://app.powerbi.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://augloop.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://bard.google.com/
Source: Reporting and NEL.11.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://canary.designerapp.
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.entity.
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: Web Data.10.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.10.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://clients.config.office.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: manifest.json.10.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cortana.ai
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cortana.ai/api
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://cr.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://d.docs.live.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: Reporting and NEL.11.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://designerapp.azurewebsites.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://designerappservice.officeapps.live.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://directory.services.
Source: manifest.json.10.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ecs.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: 000003.log0.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr, HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log0.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr, HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://gaana.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://graph.windows.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://graph.windows.net/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://invites.office.com/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://login.windows.local
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://m.kugou.com/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://m.soundcloud.com/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://m.vk.com/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://management.azure.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://management.azure.com/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://messaging.office.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://mss.office.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://music.amazon.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://music.apple.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://music.yandex.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://officeapps.live.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://onedrive.live.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://open.spotify.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://outlook.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://outlook.office.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://outlook.office365.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://powerlift-user.acompli.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://service.powerapps.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://settings.outlook.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://substrate.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://tasks.office.com
Source: email.mht.0.dr	String found in binary or memory: https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTM=
Source: ALERT Home Network Breaches.msg, ~WRS{78259087-DB0F-4948-A79C-018FFF52B249}.tmp.0.dr, email.mht.0.dr	String found in binary or memory: https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hO
Source: ALERT Home Network Breaches.msg	String found in binary or memory: https://temp.farenheit.net/XU2xieHFTWW1FTWhNM2h4S2tlSXV
Source: email.mht.0.dr	String found in binary or memory: https://temp.farenheit.net/XU2xieHFTWW1FTWhNM2h4S2tlSXVOdDIycVRsa=
Source: ALERT Home Network Breaches.msg, ~WRS{78259087-DB0F-4948-A79C-018FFF52B249}.tmp.0.dr, email.mht.0.dr	String found in binary or memory: https://temp.farenheit.net/XU2xieHFTWW1FTWhNM2h4S2tlSXVOdDIycVRsalVGUnRBRU1YMHJNbGZOV3U3LzRUbDBBUE1m
Source: email.mht.0.dr	String found in binary or memory: https://temp.farenheit.net/Xc2F5Q2MvV1JEczJGT0JwRHVOc1JBNERpQnFENV=
Source: ~WRS{78259087-DB0F-4948-A79C-018FFF52B249}.tmp.0.dr, email.mht.0.dr	String found in binary or memory: https://temp.farenheit.net/Xc2F5Q2MvV1JEczJGT0JwRHVOc1JBNERpQnFENVFUa0lxL1VnalhLZmNtd3cxbW01Z1VROVV4
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://tidal.com/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://twitter.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://vibe.naver.com/today
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://web.telegram.org/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://web.whatsapp.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.deezer.com/
Source: Web Data.10.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.instagram.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.last.fm/
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.messenger.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.office.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.tiktok.com/
Source: C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	String found in binary or memory: https://www.yammer.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://www.youtube.com
Source: 4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50857
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown	Network traffic detected: HTTP traffic on port 50878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50879
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50870
Source: unknown	Network traffic detected: HTTP traffic on port 50871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50874
Source: unknown	Network traffic detected: HTTP traffic on port 50879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50873
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 50846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50845
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50848
Source: unknown	Network traffic detected: HTTP traffic on port 50855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.221.165.56:443 -> 192.168.2.7:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.7:50845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:50846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:50847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:50848 version: TLS 1.2

Source: classification engine

Classification label: sus24.winMSG@43/215@4/6

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241025T0203160998-7220.etl

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ALERT Home Network Breaches.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A24419E8-483F-4BAD-AFA0-862110806469" "21090EE9-A3D3-48F4-85F1-1F3FE46118D9" "7220" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BCYP2J7W\email.mht
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2088,i,16850093930292560535,15653450575445614346,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BCYP2J7W\email.mht
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5180 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6800 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A24419E8-483F-4BAD-AFA0-862110806469" "21090EE9-A3D3-48F4-85F1-1F3FE46118D9" "7220" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BCYP2J7W\email.mht	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2088,i,16850093930292560535,15653450575445614346,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5180 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6800 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Persistence and Installation Behavior

AI detected potential phishing Email

Source: Email

LLM: Detected potential phishing email: The email uses urgency and fear tactics by mentioning 'abnormal amount of home network breaches'

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: Web Data.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: Web Data.10.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: Web Data.10.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: Web Data.10.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: Web Data.10.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: Web Data.10.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: Web Data.10.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: Web Data.10.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: Web Data.10.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: Web Data.10.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: Web Data.10.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: Web Data.10.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: Web Data.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: Web Data.10.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: Web Data.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	13 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	0%	Virustotal	Browse
s-part-0015.t-0009.t-msedge.net	0%	Virustotal	Browse
s-part-0017.t-0009.t-msedge.net	0%	Virustotal	Browse
googlehosted.l.googleusercontent.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://shell.suite.office.com:1443	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://designerapp.azurewebsites.net	0%	URL Reputation	safe
https://autodiscover-s.outlook.com/	0%	URL Reputation	safe
https://useraudit.o365auditrealtimeingestion.manage.office.com	0%	URL Reputation	safe
https://outlook.office365.com/connectors	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://lookup.onenote.com/lookup/geolocation/v1	0%	URL Reputation	safe
https://deff.nelreports.net/api/report?cat=msn	0%	URL Reputation	safe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://canary.designerapp.	0%	URL Reputation	safe
https://www.yammer.com	0%	URL Reputation	safe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	0%	URL Reputation	safe
https://cr.office.com	0%	URL Reputation	safe
https://messagebroker.mobile.m365.svc.cloud.microsoft	0%	URL Reputation	safe
https://edge.skype.com/registrar/prod	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://tasks.office.com	0%	URL Reputation	safe
https://officeci.azurewebsites.net/api/	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://edge.skype.com/rps	0%	URL Reputation	safe
https://messaging.engagement.office.com/	0%	URL Reputation	safe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://api.powerbi.com/v1.0/myorg/groups	0%	URL Reputation	safe
https://web.microsoftstream.com/video/	0%	URL Reputation	safe
https://api.addins.store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://graph.windows.net	0%	URL Reputation	safe
https://consent.config.office.com/consentcheckin/v1.0/consents	0%	URL Reputation	safe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	0%	URL Reputation	safe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	0%	URL Reputation	safe
https://safelinks.protection.outlook.com/api/GetPolicy	0%	URL Reputation	safe
https://ncus.contentsync.	0%	URL Reputation	safe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	0%	URL Reputation	safe
http://weather.service.msn.com/data.aspx	0%	URL Reputation	safe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	0%	URL Reputation	safe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	0%	URL Reputation	safe
https://mss.office.com	0%	URL Reputation	safe
https://pushchannel.1drv.ms	0%	URL Reputation	safe
https://wus2.contentsync.	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/ios	0%	URL Reputation	safe
https://api.addins.omex.office.net/api/addins/search	0%	URL Reputation	safe
https://outlook.office365.com/api/v1.0/me/Activities	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/android/policies	0%	URL Reputation	safe
https://entitlement.diagnostics.office.com	0%	URL Reputation	safe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	0%	URL Reputation	safe
https://login.microsoftonline.com	0%	URL Reputation	safe
https://substrate.office.com/search/api/v1/SearchHistory	0%	URL Reputation	safe
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation	0%	URL Reputation	safe
https://service.powerapps.com	0%	URL Reputation	safe
https://graph.windows.net/	0%	URL Reputation	safe
https://devnull.onenote.com	0%	URL Reputation	safe
https://messaging.office.com/	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing	0%	URL Reputation	safe
https://skyapi.live.net/Activity/	0%	URL Reputation	safe
https://messaging.action.office.com/setcampaignaction	0%	URL Reputation	safe
https://visio.uservoice.com/forums/368202-visio-on-devices	0%	URL Reputation	safe
https://staging.cortana.ai	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	0%, Virustotal, Browse	unknown
s-part-0015.t-0009.t-msedge.net	13.107.246.43	true	false	0%, Virustotal, Browse	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	0%, Virustotal, Browse	unknown
googlehosted.l.googleusercontent.com	142.250.186.65	true	false	0%, Virustotal, Browse	unknown
sni1gl.wpc.nucdn.net	152.199.21.175	true	false		unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false		unknown
landing.training.knowbe4.com	3.221.165.56	true	false		unknown
clients2.googleusercontent.com	unknown	unknown	false		unknown
bzib.nelreports.net	unknown	unknown	false		unknown
temp.farenheit.net	unknown	unknown	false		unknown
171.39.242.20.in-addr.arpa	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Web Data.10.dr	false	URL Reputation: safe	unknown
https://shell.suite.office.com:1443	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	Web Data.10.dr	false	URL Reputation: safe	unknown
https://designerapp.azurewebsites.net	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://autodiscover-s.outlook.com/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://outlook.office365.com/connectors	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://cdn.entity.	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://rpsticket.partnerservices.getmicrosoftkey.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://lookup.onenote.com/lookup/geolocation/v1	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.11.dr	false	URL Reputation: safe	unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://docs.google.com/	manifest.json.10.dr	false		unknown
https://api.aadrm.com/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://www.youtube.com	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://canary.designerapp.	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://www.instagram.com	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://www.yammer.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://temp.farenheit.net/Xc2F5Q2MvV1JEczJGT0JwRHVOc1JBNERpQnFENVFUa0lxL1VnalhLZmNtd3cxbW01Z1VROVV4	~WRS{78259087-DB0F-4948-A79C-018FFF52B249}.tmp.0.dr, email.mht.0.dr	false		unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://api.microsoftstream.com/api/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false		unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://cr.office.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://messagebroker.mobile.m365.svc.cloud.microsoft	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://otelrules.svc.static.microsoft	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false		unknown
https://outlook.office.com/mail/compose?isExtension=true	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://edge.skype.com/registrar/prod	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://i.y.qq.com/n2/m/index.html	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://www.deezer.com/	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://res.getmicrosoftkey.com/api/redemptionevents	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://tasks.office.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://officeci.azurewebsites.net/api/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTM=	email.mht.0.dr	false		unknown
https://web.telegram.org/	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://my.microsoftpersonalcontent.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false		unknown
https://store.office.cn/addinstemplate	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://temp.farenheit.net/XU2xieHFTWW1FTWhNM2h4S2tlSXV	ALERT Home Network Breaches.msg	false		unknown
https://edge.skype.com/rps	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-2.corp.google.com/	manifest.json.10.dr	false		unknown
https://messaging.engagement.office.com/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Web Data.10.dr	false	URL Reputation: safe	unknown
https://www.odwebp.svc.ms	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://api.powerbi.com/v1.0/myorg/groups	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://web.microsoftstream.com/video/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://api.addins.store.officeppe.com/addinstemplate	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-1.corp.google.com/	manifest.json.10.dr	false		unknown
https://graph.windows.net	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://excel.new?from=EdgeM365Shoreline	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://drive-daily-5.corp.google.com/	manifest.json.10.dr	false		unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.11.dr	false		unknown
https://consent.config.office.com/consentcheckin/v1.0/consents	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://d.docs.live.net	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false		unknown
https://safelinks.protection.outlook.com/api/GetPolicy	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://ncus.contentsync.	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://drive-preprod.corp.google.com/	manifest.json.10.dr	false		unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
http://weather.service.msn.com/data.aspx	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://bard.google.com/	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://mss.office.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://pushchannel.1drv.ms	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://wus2.contentsync.	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/ios	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://api.addins.omex.office.net/api/addins/search	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://www.office.com	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://outlook.live.com/mail/0/	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://outlook.office365.com/api/v1.0/me/Activities	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/android/policies	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://entitlement.diagnostics.office.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false		unknown
https://tidal.com/	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://storage.live.com/clientlogs/uploadlocation	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false		unknown
https://gaana.com/	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://login.microsoftonline.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://substrate.office.com/search/api/v1/SearchHistory	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://outlook.live.com/mail/compose?isExtension=true	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://service.powerapps.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://graph.windows.net/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://devnull.onenote.com	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://messaging.office.com/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://latest.web.skype.com/?browsername=edge_canary_shoreline	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://skyapi.live.net/Activity/	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://word.new?from=EdgeM365Shoreline	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://api.cortana.ai	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Web Data.10.dr	false		unknown
https://messaging.action.office.com/setcampaignaction	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://mail.google.com/mail/mu/mp/266/#tl/Inbox	4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp.10.dr	false		unknown
https://visio.uservoice.com/forums/368202-visio-on-devices	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown
https://staging.cortana.ai	C67F0828-8674-4A66-98EE-C34850BAD5E6.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.43	s-part-0015.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
3.221.165.56	landing.training.knowbe4.com	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541824
Start date and time:	2024-10-25 08:01:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ALERT Home Network Breaches.msg
Detection:	SUS
Classification:	sus24.winMSG@43/215@4/6
Cookbook Comments:	Found application associated with file extension: .msg

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe
Excluded IPs from analysis (whitelisted): 20.190.159.0, 40.126.31.71, 40.126.31.69, 20.190.159.75, 20.190.159.23, 20.190.159.73, 20.190.159.64, 20.190.159.71, 52.109.89.18, 52.113.194.132, 40.79.173.41, 13.107.42.16, 13.107.21.239, 204.79.197.239, 142.250.185.110, 13.107.6.158, 2.19.126.152, 2.19.126.145, 2.23.209.179, 2.23.209.189, 2.23.209.186, 2.23.209.191, 2.23.209.182, 2.23.209.187, 2.23.209.180, 2.23.209.188, 2.23.209.181
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, edgeassetservice.afd.azureedge.net, weu-azsc-config.officeapps.live.com, mobile.events.data.microsoft.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, officeclient.microsoft.com, l-0007.l-msedge.net, www.bing.com, ecs.office.com, bingadsedgeextension-prod.trafficmanager.net, www.tm.v4.a.prd.aadg.akadns.net, s-0005-office.config.skype.com, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, s-0005.s-msedge.net, edgeassetservice.azureedge.net, ecs.office.trafficmanager.net, clients.l.google.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, config.edge.skype.com.trafficmanager.net, ecs-office.s-0005.s-msedge.net, www.bing.com.edge
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
13.107.246.43	https://486c9ed9266e5aa980000530de1a7faee8be5484d9b948f8e156ba7c45.pages.dev/47719c21c318cb8ebd2e/c4e4d5b1f10925#Qm1OTURwIjoid28iLCJGQm0iOiJ3byIsImVtIjoiWjJGaWFTNWlhV1ZuUUdsd2NtOTBaWGd1WkdVPSIsIm1OTURwZ2kiOiJ3byIsIlA2RkJtIjoid28iLCIwYVA2Ijoid28=	Get hash	malicious	HTMLPhisher	Browse
	xlwings.xlam	Get hash	malicious	Hidden Macro 4.0	Browse
	http://pub-945293ef7a9047adb26d2ddd47a2d837.r2.dev/cpanel.html	Get hash	malicious	HTMLPhisher	Browse
	https://1drv.ms/o/c/e6ccafb0b1aa23aa/ErAFgONHz7JMjKMGZiNY1B8BzX_hsp6NES_6N9-YPDqBow?e=ZhzETj	Get hash	malicious	HTMLPhisher	Browse
	http://pub-44672067528c462ea47a10cc0c07ac29.r2.dev/faculty.html	Get hash	malicious	HTMLPhisher	Browse
	https://twwi.documentother.com/ihdLI	Get hash	malicious	Unknown	Browse
	https://app.powerbi.com/view?r=eyJrIjoiZDM5MzcyYWMtMmJhZi00OWYwLWIyODktMmEwY2EwM2QxMzQ2IiwidCI6ImIwMzVhZGFmLWE4M2EtNDUyYS05MGI0LTQyYjU4NGI0NGU0MiJ9	Get hash	malicious	HTMLPhisher	Browse
	https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=4Viyci7sWkyLGInvKFzNVcYsA2Dcqj5AgwCe033i5sJUNFBXRlFDSUMzUzU4TDUyQ1ZBUDNBQTlDWC4u	Get hash	malicious	HTMLPhisher	Browse
	Zen Desk Follow Up-20240905_140238-Meeting Recording.mp4.html	Get hash	malicious	HTMLPhisher	Browse
	http://pub-c00e6b233835461aa39db2b6b030abc8.r2.dev/bbb2.html	Get hash	malicious	HTMLPhisher	Browse
94.245.104.56	setup.msi	Get hash	malicious	Unknown	Browse
	(No subject) (90).eml	Get hash	malicious	Unknown	Browse
	test.exe	Get hash	malicious	Babadeda	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	VlmNuDYKAv.exe	Get hash	malicious	Amadey, Stealc	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	pud8g3zixE.exe	Get hash	malicious	Amadey, Stealc	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
3.221.165.56	https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613	Get hash	malicious	Unknown	Browse
3.221.165.56	https://report-scam.malwarebouncer.com/XOHNZUWRVSkNPN3B3b0dyakdQVFVmb1FYdjkxSFkwYVlNbnhFS1hyOVg0UkpoZzNZd04zaWh2UTZ0RE13ZGV6SklWLzhFZ20wYTNPenFQbzZBUHRIWFMvcVNMc0dvZDRsUU93QlNUckovcGQ4SXFlblYvcjhsWVo2RGxhdTNIc3pvNWZDcHU4T1NHa1hBR1V2MGtpUGthRjJudk1GSFowOFdHeVZsVzZSS2hXWlRvOGpZZERIZzVVZnFRPT0tLXFVZ29kckVLdmlIVEc3a08tLS9GWUhhdmh2L3BXNkN3ZzVhSlczWVE9PQ==?cid=2249425773	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	https://sitecoresolrlb-mig.uat.ashurst.com/384ff7382de624fb94dbaf6da11977bba1ecd427	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	Import_Declainvoice.htm	Get hash	malicious	Unknown	Browse	13.107.246.45
	Pro_Inv_24102024_payment_confirmations_SWIFTFiles.xls	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://www.queleas.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://scansourcce.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	bc3c228ad2c13f96cb14375c3860e802.pdf	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	Inv Confirmation.htm	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	https://t.ly/8Lgfk	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	SecuriteInfo.com.Other.Malware-gen.26961.24680.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.45
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	setup.msi	Get hash	malicious	Unknown	Browse	94.245.104.56
	(No subject) (90).eml	Get hash	malicious	Unknown	Browse	94.245.104.56
	test.exe	Get hash	malicious	Babadeda	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	VlmNuDYKAv.exe	Get hash	malicious	Amadey, Stealc	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	pud8g3zixE.exe	Get hash	malicious	Amadey, Stealc	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
s-part-0015.t-0009.t-msedge.net	Justificante de pago.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	13.107.246.43
	ATTN1.html	Get hash	malicious	Unknown	Browse	13.107.246.43
	http://nndpdnm.3utilities.com/#bd5on/p8la73b/LoiU9/1oQd1tRDE-SUREIDANt92YuMXZpJHZuV3bmxWYi9GbnBUY5hGZhBHc15Cdp1WY	Get hash	malicious	HTMLPhisher	Browse	13.107.246.43
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse	13.107.246.43
	_Potential Phish_ Kubota canada Contract & Agreement Review Request_.eml	Get hash	malicious	Unknown	Browse	13.107.246.43
	https://iaagech.r.bh.d.sendibt3.com/tr/cl/HbCG7HY3-h5rZfovy00HNNLe0j3RnxXb26nvo3kOe3oxfbkDbjlXLS8JIxS8MWqJ0IJjXYhj0TNxoAgAUy4xmhzCdSv0LUhQqDQjXpyz9SgmaNARyJi6eLbyVDdS-z66A39X42fTywvNMykxsy77MRWSnmgneEu7A3f2itq78qkk_Pb9AoBiMNoxxhBMZFAW7sfPCkFdIO4YBPaaZH5HpL3pApYqQ8AGRjpDmGDueePRQh_67Hy1BwwX5xOgsiDVlIQNzOC8DmIYYlf8rgsdFIUcfNYj	Get hash	malicious	Unknown	Browse	13.107.246.43
	https://486c9ed9266e5aa980000530de1a7faee8be5484d9b948f8e156ba7c45.pages.dev/47719c21c318cb8ebd2e/c4e4d5b1f10925#Qm1OTURwIjoid28iLCJGQm0iOiJ3byIsImVtIjoiWjJGaWFTNWlhV1ZuUUdsd2NtOTBaWGd1WkdVPSIsIm1OTURwZ2kiOiJ3byIsIlA2RkJtIjoid28iLCIwYVA2Ijoid28=	Get hash	malicious	HTMLPhisher	Browse	13.107.246.43
	https://jobs.sap.com/job/Walldorf-Partner-Engagement-Senior-Specialist-Expert-SAP-Signavio-%28mfd%29-%28limited-for-1-year%29-69190/1114958501/	Get hash	malicious	Unknown	Browse	13.107.246.43
	http://entrabdvline.serv00.net/	Get hash	malicious	Unknown	Browse	13.107.246.43
	Nulzuen.exe	Get hash	malicious	Unknown	Browse	13.107.246.43
sni1gl.wpc.nucdn.net	setup.msi	Get hash	malicious	Unknown	Browse	152.199.21.175
	https://careers.adobe.com/us/en/apply?jobSeqNo=ADOBUSR147673EXTERNALENUS	Get hash	malicious	Unknown	Browse	152.199.21.175
	MDE_File_Sample_1a8e4ebbcc2e3f76efb2a55bb6179417263ebf3d.zip	Get hash	malicious	Unknown	Browse	152.199.21.175
	(No subject) (90).eml	Get hash	malicious	Unknown	Browse	152.199.21.175
	http://google.com	Get hash	malicious	Unknown	Browse	152.199.21.175
	Update.exe	Get hash	malicious	Naso	Browse	152.195.19.97
	SecuriteInfo.com.FileRepPup.24407.3577.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	SecuriteInfo.com.FileRepPup.24407.3577.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	36.msi	Get hash	malicious	Numando	Browse	152.199.21.175
	33.msi	Get hash	malicious	Numando	Browse	152.199.21.175

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	22.143.85.50
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	20.66.220.145
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	21.174.199.179
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	21.27.128.77
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	40.118.167.126
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	51.11.186.117
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	20.170.176.64
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	52.157.96.0
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	21.130.147.163
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	21.24.84.163
AMAZON-AESUS	https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613	Get hash	malicious	Unknown	Browse	3.221.165.56
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	34.233.222.167
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	52.91.159.2
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	3.226.118.153
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	54.158.120.231
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	18.204.120.109
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	54.54.230.96
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	44.193.243.219
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	54.134.19.185
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	34.231.175.3
MICROSOFT-CORP-MSN-AS-BLOCKUS	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	22.143.85.50
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	20.66.220.145
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	21.174.199.179
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	21.27.128.77
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	40.118.167.126
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	51.11.186.117
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	20.170.176.64
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	52.157.96.0
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	21.130.147.163
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	21.24.84.163

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613	Get hash	malicious	Unknown	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	https://sitecoresolrlb-mig.uat.ashurst.com/384ff7382de624fb94dbaf6da11977bba1ecd427	Get hash	malicious	HTMLPhisher	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	Import_Declainvoice.htm	Get hash	malicious	Unknown	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	https://bioaquatictesting-my.sharepoint.com/:f:/g/personal/securedocument_bio-aquatic_com/Eu0LAzG4abJJn1FmlYYk6C0Bm-68IB0eiVR_FSTw6lLEjw?e=pg8DKY	Get hash	malicious	Unknown	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	Pro_Inv_24102024_payment_confirmations_SWIFTFiles.xls	Get hash	malicious	Unknown	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	https://docsend.com/view/44v95uq7wngs3w6t	Get hash	malicious	HTMLPhisher, HtmlDropper	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	https://bmgpeu.com/	Get hash	malicious	Unknown	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	http://www.queleas.com/	Get hash	malicious	Unknown	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	http://makkahdigitalcoins.net/?shiny/	Get hash	malicious	Unknown	Browse	52.149.20.212 4.245.163.56 20.242.39.171
	http://www.thegioimoicau.com/	Get hash	malicious	Unknown	Browse	52.149.20.212 4.245.163.56 20.242.39.171
6271f898ce5be7dd52b0fc260d0662b3	Credit_Details2251397102400024.xla.xlsx	Get hash	malicious	Unknown	Browse	3.221.165.56
	Pro_Inv_24102024_payment_confirmations_SWIFTFiles.xls	Get hash	malicious	Unknown	Browse	3.221.165.56
	https://docsend.com/view/44v95uq7wngs3w6t	Get hash	malicious	HTMLPhisher, HtmlDropper	Browse	3.221.165.56
	SecuriteInfo.com.Other.Malware-gen.26961.24680.xlsx	Get hash	malicious	Unknown	Browse	3.221.165.56
	https://www.yola.com/es/zendesk-sso?return_to=http://york.iwill.app.br/	Get hash	malicious	Unknown	Browse	3.221.165.56
	https://t.ly/2jKWO	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	3.221.165.56
	https://app.pandadoc.com/document/v2?token=69b8ae0059c2551a9a27ed1b65653c1a0b5ee1ff	Get hash	malicious	Unknown	Browse	3.221.165.56
	https://dca13.z4.web.core.windows.net/werrx01USAHTML/?bcda=1-877-883-8072#	Get hash	malicious	TechSupportScam	Browse	3.221.165.56
	https://asfdhjgd16dfhfgkfsgdssd.z33.web.core.windows.net/asfdsa16.html	Get hash	malicious	TechSupportScam	Browse	3.221.165.56
	Jwhite Pay Increase EFile997843.pdf	Get hash	malicious	Unknown	Browse	3.221.165.56

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089543242440406
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkTKKGf4SAtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynet5b7VLyMV/YoskFoz
MD5:	0C380A1E56F43F34F8C3A162BEFC81C1
SHA1:	7C6F8AD07BC6B20F1A6B4A51DD1D91874AFC43B7
SHA-256:	F08BE5BF4291D236F8CC9C15D2532507483D9B2223DF43A6CD9476F8491C4435
SHA-512:	2AD7C7B2D67BC98CE673C0116FCDFA298EE9CACC831A9A895487AB330597ABE7BB0ABF7CD66CBBDB07F359A6FFA5F9FD9CFE7F4A9AEEB5CF8773795DB0F7C716
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.395478119514462
Encrypted:	false
SSDEEP:	1536:VEYL5wgsUzgN04NAZogshoNcAz79ysQqt2tbK2AqoQiFrcm0FvOMuylhk4bLNXiy:Fig+LvgRmiGu2GqoQ4rt0FvLsOE2kBNS
MD5:	52227D3E85A7B43ED78576D8D0C2C868
SHA1:	2D1F26B05A78EB7CF5F195F9A6734CBC2529F47D
SHA-256:	E262CCE8385AEBF629F35C47ECD34F14357C1F4DBFC6F6C3DC8C83600007CCF6
SHA-512:	E0558E462395B44828B4C5E6DBBE6D6CCE58435525E8D05146DDEB93C63692B8B2EF30B1FA8C7C3A68740D8F992B7CF726009AD178637D7412DE9357F08E0B27
Malicious:	false
Preview:	TH02...... ../p..&......SM01X...,....!d..&..........IPM.Activity...........h...............h............H..h,........D^....h............H..h\FRO ...1\Ap...h@...0..........h.CW............h........_`Tk...h7@W.@...I.tw...h....H...8.Yk...0....T...............d.........2h...............k.........X....!h.............. h1.{4..........#h....8.........$h........8....."h.y9..... x9...'h..............1h.CW.<.........0h....4....Yk../h....h.....YkH..h ...p...,.....-h ............+hsBW..... .......5.5.;.1.3.5. ..............F7..............FIPM.Activity.st.Form.e..Standard.tanJournal Entry.pdIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.000Microsoft.ofThis form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

File type:	CDFV2 Microsoft Outlook Message
Entropy (8bit):	3.8269168373963023
TrID:	Outlook Message (71009/1) 45.36% Outlook Form Template (41509/1) 26.51% Perfect Keyboard macro set (36024/1) 23.01% Generic OLE2 / Multistream Compound File (8008/1) 5.12%
File name:	ALERT Home Network Breaches.msg
File size:	99'840 bytes
MD5:	e312253d31d6b4b953a6278e55b0dff8
SHA1:	1f1edb998ac689a959633188721556b027b4bec9
SHA256:	4f2b29decdf15a7991b5a1d16558b0ad2aa391a62161e1cff82193375c632651
SHA512:	bd39b4c7fb7fd688155530aaf36d565c69e57710df60614c817622e7f8201b46a46c3ec77e3f52b7454916b994d5fd95633d6940e776fe37767364a3348f4e69
SSDEEP:	1536:1bh6P+aEwd4oJxH1WCpWHAI3G3YoWYDBc7i:1EP+3+BQAI3Gf6i
TLSH:	5AA3122439E6121AF377DF358BE290A7852ABD53AD149A5F2095330E0672941EC63F3F
File Content Preview:	........................>................................... ...................y..............................................................................................................................................................................

Subject:	ALERT: Home Network Breaches
From:	Network Support <support@secured-login.net>
To:	Rupert.Vaupel@vossloh.com
Cc:
BCC:
Date:	Thu, 24 Oct 2024 22:37:46 +0200
Communications:	CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello Rupert, Our customers have been experiencing an abnormal amount of home network breaches. We believe this is may be caused by our company's default credentials not being changed on our routers. Please follow this <https://temp.farenheit.net/XU2xieHFTWW1FTWhNM2h4S2tlSXVOdDIycVRsalVGUnRBRU1YMHJNbGZOV3U3LzRUbDBBUE1mSlY0c0xCWXhaSUROdFJhV1YxK3ZRN0xwZ09NRUZ5MGowZFNJWXlMREkyeEl1L3RuMXFQWHQ2OEN6OW1CVkxRVGg2NmY2YmJxSWpWamNQMHIxVHJOY2taNU9HUFRPQjdDeUxtSTdERHNjNXZRNjB0eUUyaDBuU0pjdG9ycjB3ckVIQ1hnN0M4SEVGLS1BSVIyWmhtWGxLUTBQQnVoLS1BVUdmclRlN2tMTlMyNm9UUENWQWFBPT0=?cid=2242420613> link <https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613> to access our remote maintenance portal and personalize your routers login immediately to avoid any breaches. <https://temp.farenheit.net/Xc2F5Q2MvV1JEczJGT0JwRHVOc1JBNERpQnFENVFUa0lxL1VnalhLZmNtd3cxbW01Z1VROVV4YmlDYlFpSTNmODJCUnJvZ2dJNThnTVZjUTFwUXJ0NGEzSEVCZG11ODN5WjcveHJBZ3RWVmV5RFNEMlA4YVVSZz09LS13aDdBWGZMQUZaZXFhejc4LS1LQkZLc1k1OVIyRyswd0lOQkdJdTZ3PT0=?cid=2242420613>
Attachments:

Key	Value
Received	from psm.knowbe4.com (23.21.109.212) by
20	37:50 +0000
by DB8P193MB0662.EURP193.PROD.OUTLOOK.COM (2603	10a6:10:152::21) with
2024 20	37:47 +0000
(2603	10a6:208:17c::33) with Microsoft SMTP Server (version=TLS1_2,
Transport; Thu, 24 Oct 2024 20	37:47 +0000
Authentication-Results	spf=pass (sender IP is 23.21.109.212)
Received-SPF	Pass (protection.outlook.com: domain of psm.knowbe4.com
via Frontend Transport; Thu, 24 Oct 2024 20	37:47 +0000
Message-ID	<101553a48.82cb731d@psm.knowbe4.com>
DKIM-Signature	v=1; a=rsa-sha256; q=dns/txt; c=simple/simple;
Date	Thu, 24 Oct 2024 20:37:46 +0000
From	Network Support <support@secured-login.net>
Reply-To	Network Support <support.113k3uth@vossloh.2fa.com-token-auth.com>
To	Rupert.Vaupel@vossloh.com
Subject	ALERT: Home Network Breaches
Mime-Version	1.0
Content-Type	text/html;
Content-Transfer-Encoding	quoted-printable
X-PHISH-CRID	2242420613
X-PHISHTEST	This is a phishing security test from KnowBe4 that has been
Return-Path	101553a48.82cb731d@psm.knowbe4.com
X-MS-Exchange-Organization-ExpirationStartTime	24 Oct 2024 20:37:47.5522
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	9548259c-7ab8-41de-a260-08dcf46bb899
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	1790b5b9-9585-4043-a430-926cf37fa9da:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-PublicTrafficType	Email
X-MS-TrafficTypeDiagnostic	AM4PEPF00027A69:EE_\|DB8P193MB0662:EE_\|AM9P193MB1891:EE_
X-MS-Exchange-Organization-AuthSource	AM4PEPF00027A69.eurprd04.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id	9548259c-7ab8-41de-a260-08dcf46bb899
X-MS-Exchange-AtpMessageProperties	SA\|SL
X-MS-Exchange-Organization-SCL	-1
X-Microsoft-Antispam	BCL:0;ARA:13230040\|3092899012\|34002699019\|69100299015\|5073199012\|2092899012\|3072899012\|12012899012\|5062899012\|4076899003\|8096899003\|18906007;
X-Forefront-Antispam-Report	CIP:23.21.109.212;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:psm.knowbe4.com;PTR:psm.knowbe4.com;CAT:NONE;SFS:(13230040)(3092899012)(34002699019)(69100299015)(5073199012)(2092899012)(3072899012)(12012899012)(5062899012)(4076899003)(8096899003)(18906007);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	24 Oct 2024 20:37:47.2709
X-MS-Exchange-CrossTenant-Network-Message-Id	9548259c-7ab8-41de-a260-08dcf46bb899
X-MS-Exchange-CrossTenant-Id	1790b5b9-9585-4043-a430-926cf37fa9da
X-MS-Exchange-CrossTenant-AuthSource	AM4PEPF00027A69.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped	DB8P193MB0662
X-MS-Exchange-Transport-EndToEndLatency	00:00:03.5209806
X-MS-Exchange-Processed-By-BccFoldering	15.20.8093.014
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
X-Microsoft-Antispam-Message-Info	=?us-ascii?Q?QmTWIsMi5CWSxbtgvy6j3lmmPSVJw5kC3BjkGXaAuo/OzZtsSgMNeYjnWSPP?=
date	Thu, 24 Oct 2024 22:37:46 +0200

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 08:03:36.371391058 CEST	62136	53	192.168.2.7	1.1.1.1
Oct 25, 2024 08:03:36.411955118 CEST	53	62136	1.1.1.1	192.168.2.7
Oct 25, 2024 08:03:37.529227018 CEST	53	63367	162.159.36.2	192.168.2.7
Oct 25, 2024 08:03:38.151655912 CEST	63406	53	192.168.2.7	1.1.1.1
Oct 25, 2024 08:03:38.159213066 CEST	53	63406	1.1.1.1	192.168.2.7
Oct 25, 2024 08:03:59.030618906 CEST	138	138	192.168.2.7	192.168.2.255
Oct 25, 2024 08:04:32.049107075 CEST	50768	53	192.168.2.7	1.1.1.1
Oct 25, 2024 08:04:33.151954889 CEST	57918	53	192.168.2.7	1.1.1.1
Oct 25, 2024 08:04:33.159387112 CEST	53	57918	1.1.1.1	192.168.2.7

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:03:23 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=RToFbP2zyT+tRPF&MD=8+gC+wLT HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-25 06:03:24 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8dfc61df-c59a-42b1-bc24-0aae1f0366e1 MS-RequestId: d356e80c-4230-4f82-a8ea-76499bacf363 MS-CV: MMCLjoTn+km6+vhN.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 25 Oct 2024 06:03:23 GMT Connection: close Content-Length: 24490
2024-10-25 06:03:24 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-25 06:03:24 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:03:37 UTC	411	OUT	GET /Xc2F5Q2MvV1JEczJGT0JwRHVOc1JBNERpQnFENVFUa0lxL1VnalhLZmNtd3cxbW01Z1VROVV4YmlDYlFpSTNmODJCUnJvZ2dJNThnTVZjUTFwUXJ0NGEzSEVCZG11ODN5WjcveHJBZ3RWVmV5RFNEMlA4YVVSZz09LS13aDdBWGZMQUZaZXFhejc4LS1LQkZLc1k1OVIyRyswd0lOQkdJdTZ3PT0=?cid=2242420613 HTTP/1.1 Accept: / User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16) Accept-Encoding: gzip, deflate Host: temp.farenheit.net Connection: Keep-Alive
2024-10-25 06:03:37 UTC	640	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:03:37 GMT Content-Type: image/gif Content-Length: 43 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Content-Disposition: attachment Content-Transfer-Encoding: binary Vary: Accept ETag: W/"a065920df8cc4016d67c3a464be90099" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: e51f425a-37ee-4041-a217-41f2e1ab1df7 X-Runtime: 0.074179 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-10-25 06:03:37 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 f0 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:03:39 UTC	142	OUT	GET /clientwebservice/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: fe3cr.delivery.mp.microsoft.com
2024-10-25 06:03:39 UTC	234	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff Date: Fri, 25 Oct 2024 06:03:38 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:03:40 UTC	124	OUT	GET /sls/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: slscr.update.microsoft.com
2024-10-25 06:03:40 UTC	318	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 MS-CV: s9kn4oNf3Uy2Gmz+.0 MS-RequestId: 0aeb9b4e-4f3a-4ba3-8ad7-ad5400718c6f MS-CorrelationId: c67535f5-e80f-4078-b5de-50ddd5eabd01 X-Content-Type-Options: nosniff Date: Fri, 25 Oct 2024 06:03:40 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:03:42 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=RToFbP2zyT+tRPF&MD=8+gC+wLT HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-25 06:03:43 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8a70d371-7163-4a99-a2e6-bc42d2e9bf39 MS-RequestId: 4cc57a35-0e00-4b6e-bffd-5cd1bcce5338 MS-CV: RXNyD2btw0GBNfCw.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 25 Oct 2024 06:03:42 GMT Connection: close Content-Length: 24490
2024-10-25 06:03:43 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-25 06:03:43 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:03:44 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=RToFbP2zyT+tRPF&MD=8+gC+wLT HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-25 06:03:44 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: bdf58be8-3cb4-47ec-93f6-3c48acdc6d3c MS-RequestId: c343b9e8-5ee1-407e-a1e1-a486e309e18e MS-CV: dZqUkjU3FEWePGo9.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 25 Oct 2024 06:03:44 GMT Connection: close Content-Length: 30005
2024-10-25 06:03:44 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-25 06:03:44 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:32 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:32 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Fri, 25 Oct 2024 06:04:32 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=08d2043fe0eddf6a1a4774ef0097be85709acca5523117bc62455fbc08a48784;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=08d2043fe0eddf6a1a4774ef0097be85709acca5523117bc62455fbc08a48784;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:34 UTC	594	OUT	GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:34 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135771 X-GUploader-UploadID: AHmUCY2mbGp86ITEU5PcJ36VqAaDLhPbzcseA1UNIXLJbc14X34tgCoaxoh1sj-oUdJtYrqA0unjYn2w5Q X-Goog-Hash: crc32c=5YFIVw== Server: UploadServer Date: Thu, 24 Oct 2024 20:33:29 GMT Expires: Fri, 24 Oct 2025 20:33:29 GMT Cache-Control: public, max-age=31536000 Age: 34265 Last-Modified: Tue, 22 Oct 2024 20:33:19 GMT ETag: a1239f8c_b608f476_b1045d58_830b10c8_3ed9cb2d Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-25 06:04:34 UTC	805	IN	Data Raw: 43 72 32 34 03 00 00 00 e2 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: aa 54 89 36 c1 f8 f2 5a f7 ba 97 f1 3f fe f5 43 56 d7 f2 f3 3c 8c e7 4b ff e3 ef 3f c6 cf aa aa f3 6b fd 97 a1 fa fc cb e9 ac aa 1f 7f fd 71 3d bf f7 95 fc 59 5e fa b1 ea c7 1f 7f ff d7 8f 21 7f a8 4b 2e f5 e7 ab 47 d8 14 a6 6d 08 6e 1b a9 59 d7 a5 59 ab f2 b1 7f e2 d6 f5 9c 75 d3 57 66 8e a7 d2 54 4f 22 d9 3f a1 dd 8b 8d ce f7 b3 f0 55 2f 52 64 ec 9b cb 59 7f be 8e 1a 6a ee bf ff de a9 ab 48 a3 f3 51 8d bf ec 7b b7 96 fe fb f9 78 de 4f 51 f3 7e 2b 7d bb ff fe 4c d9 39 5f 12 3a 97 2c 45 97 ef ef 0b 13 71 f1 30 26 ce df 1f 49 3b 62 c4 e0 48 bb b1 11 3e ea f2 8e 02 39 b3 7d 09 42 84 80 d8 92 2e 7c e4 41 b8 a9 7c 61 8b 47 e8 1c 82 eb b9 f4 a1 91 6f f7 4f 7b e5 5c 0b 13 d5 85 cf e6 83 09 bb 83 09 54 69 a1 5a 98 fa ba 1b e6 c2 dc 9c 0f db f0 51 98 ce ef f3 fc Data Ascii: T6Z?CV<K?kq=Y^!K.GmnYYuWfTO"?U/RdYjHQ{xOQ~+}L9_:,Eq0&I;bH>9}B.\|A\|aGoO{\TiZQ
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: 88 1b 77 cc 06 18 f9 d1 78 a4 43 22 82 21 af 78 ed e5 3b 17 31 63 f2 12 16 6f 58 13 8a ac 6b 1f 08 96 b6 8e 59 b4 c8 5e 7b ff 95 e3 e3 6c 66 93 48 75 bd 57 d8 44 86 61 51 06 73 e9 21 bf d8 c1 38 0f 10 8e 94 67 c9 ae de 62 0f 6a 0d 08 71 f9 00 01 36 e4 d7 e2 f8 fd 7e ad e7 de 90 39 1c a3 5e 29 61 4c ee 81 a2 7b 44 c7 8e 2a b9 2d 76 d2 4b 76 32 2c a9 88 31 c0 6e d9 6b 8d a6 5a 8f 18 9d a2 60 79 ed cb ff 87 06 97 0d 1e 32 a3 56 32 10 9f b9 a9 d2 c4 8b 46 12 b8 5e dc 88 5e 98 61 86 3b 1d 0a 96 7b 16 9e c8 68 27 de 4a 05 5d 6c ca cd 72 ee c9 b5 fc 47 ed 73 37 d8 17 1e 9a eb 56 7a a1 49 00 ec 50 20 44 6e 0c 07 32 6b 0d f0 31 8f 82 17 33 36 ef 77 16 e0 38 a3 78 57 75 ef f7 45 fe d6 da dc 1b 3c a4 60 9b 5a c3 ab 54 de 7c 84 75 4b 00 a2 d8 aa 43 dd 63 24 a2 05 b3 Data Ascii: wxC"!x;1coXkY^{lfHuWDaQs!8gbjq6~9^)aL{D*-vKv2,1nkZ`y2V2F^^a;{h'J]lrGs7VzIP Dn2k136w8xWuE<`ZT\|uKCc$
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: ec 3c 53 7b bd 2b 0d f6 8f 48 d5 27 4c 9d 21 67 cf 13 d5 fd 28 ef 16 fb ab 5b b1 72 6f 45 f7 8a 4f da b3 e7 94 c8 03 e1 ba 8f ea 98 8d ad 70 5b 75 d3 db 31 31 1e 65 20 3f 73 03 a7 8c c0 5d 02 07 98 cf a2 15 9d ee 3b 96 d8 5b 6e bd d6 e7 1c e9 c6 a6 3c ec 04 df 03 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 1b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 8e cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee b9 e4 ce 81 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 1e cc c8 00 69 9f 41 62 95 20 df bd 2c b1 bf 6b be 5b ba 52 77 ca c0 9b 04 7c b7 44 3b 68 e6 61 cf 76 78 4c 3a 74 24 9e d6 21 da de bf f7 1b 89 3f 5c 33 4b 7c e7 5f 9b f5 e1 23 f2 f7 8f ff 83 bf 91 02 97 ae 8d 7f 06 9c bd 4c 5d 83 7b e3 6b 6c 38 41 a1 10 8f 67 d6 26 30 9e 29 6c 6d ce c7 a7 68 e7 66 Data Ascii: <S{+H'L!g([roEOp[u11e ?s];[n<jOpD1j=h&U?%h@Q6PlNf"wiAb ,k[Rw\|D;havxL:t$!?\3K\|_#L]{kl8Ag&0)lmhf
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: 73 be d1 73 8f fe f4 bd 21 33 d5 4d 7a 30 92 e6 a0 73 01 69 4f 6c e7 64 e7 06 c4 1f cd ca 43 29 99 d5 a9 e4 d2 27 1d 24 47 c6 70 b9 db 83 b8 ff e3 7b 43 fd 1c bd 60 8e 2a b8 9e 3b 74 be 19 0c 65 10 ff b7 71 9b 03 75 c2 bc 05 66 42 30 d4 bd 44 4c 1f e0 98 f8 e0 5e 51 d6 09 16 ee 62 8a 41 64 da 7a 3d 5a 33 a2 f1 1d 19 2a c9 80 f3 07 8d 29 4d f6 90 9d 6a f4 d8 56 61 85 9f 3a ce 4e 59 a7 6e a9 e5 ea 31 ff db f8 7b 43 fb aa 2b b5 c2 4c a8 10 57 3e 9d 12 73 e0 51 5f ef a3 40 64 48 ab 09 6b 6a 14 35 a1 2f 83 cb 26 d1 e4 cb 9d b8 cb 6e d2 3d 1d 90 fa 7e 9d 1e 6b cc d2 f8 7b 2e c6 37 f3 df 63 e9 ba ef fe 7d de f2 f4 a7 e7 2c 7f fb ee 20 7d 36 a6 a6 6a 7f 3b 2b 59 eb 18 b5 6f b9 8e 0b c1 c7 7b c1 1d 95 99 f6 ad e8 d4 b5 e8 6c ed 3f a7 af c2 af 3f 73 bf 3d ff ef 77 Data Ascii: ss!3Mz0siOldC)'$Gp{C`;tequfB0DL^QbAdz=Z3)MjVa:NYn1{C+LW>sQ_@dHkj5/&n=~k{.7c}, }6j;+Yo{l??s=w
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 76 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 50 03 fc 66 0a 00 20 00 00 00 00 00 01 00 18 00 00 08 b1 f4 0b 14 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 3d 6f dc 30 0c dd fb 2b 08 cf 46 70 fd 1c b2 05 08 d0 a1 45 53 a4 59 02 64 61 4e b4 23 48 a6 04 8a 72 72 08 f2 df 4b 9d 7d 08 ce e8 d0 45 03 45 be f7 f8 1e 5f bb bd 10 2a 31 3d 77 97 af dd 44 a5 e0 48 dd 65 f7 e7 c7 d5 ef 2b f8 75 7f 77 d7 bd f5 1d bd e4 88 8c ea 13 a7 61 88 9e c9 f9 82 8f 91 dc f9 d4 75 85 87 ba db d1 17 81 b5 ef 02 6e 26 70 15 66 1f 23 20 cf cb 37 3b 84 ef 29 8d 91 e0 3a 85 3a 11 2b 54 45 06 cf 4a c2 a4 35 e7 90 72 36 84 b1 3f 42 0e df 72 66 Data Ascii: !-_locales/sv/messages.jsonUTPf R=o0+FpESYdaN#HrrK}EE_*1=wDHe+uwaun&pf# 7;)::+TEJ5r6?Brf
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: d6 92 10 e8 84 d6 9a 4c 28 b9 28 68 15 81 3d 3a d0 47 7f 87 f5 aa c5 a0 2c 48 96 b4 9f 93 24 bf 74 ca 3b a4 a0 f9 6a e6 a1 cc 40 81 91 19 30 5d a1 39 7e 39 01 48 39 a0 4f 22 d8 2a e1 e0 08 be e7 cf 6d 6c b8 0b be c9 03 07 28 7d 6a dc e2 3f 42 98 78 2d d6 a1 b1 19 12 f8 68 b4 04 85 9d 97 35 1c 1b 0c 16 5f 55 b4 c5 fe ea 43 28 83 0e 40 08 bf 0d 79 16 7a c3 cf 26 b0 46 00 0e 4b 9e 50 f8 ed 3b 0e 8c 5d 3c 0b 64 ca 72 2e 90 41 1f b1 d4 e7 ed 22 33 dd 46 8d 4d 1a 99 c7 e4 99 3c 21 86 b1 e4 d2 54 27 cf df ef 91 4e 01 0d 30 81 96 55 96 37 4e 3d d0 01 5c b2 ca 55 80 04 ec aa e2 2a 73 90 6b ac 51 58 5b 6a 0a 34 8b b4 b7 4f b0 0d b9 c6 2c a1 85 38 3d c9 71 2f 07 ef 6d df 60 8f b9 82 8c 87 80 43 e8 d4 88 fe 62 9f b4 94 b9 d7 66 ac 7c 82 88 1d 51 d1 f9 61 37 fe 39 d8 Data Ascii: L((h=:G,H$t;j@0]9~9H9O"ml(}j?Bx-h5_UC(@yz&FKP;]<dr.A"3FM<!T'N0U7N=\UskQX[j4O,8=q/m`Cbf\|Qa79
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: ad c4 ca 60 aa 12 70 5b 7b 7a c3 30 ec 7c ed 63 70 f3 2d c2 2b 61 1b 8f d7 00 1b e0 cd 2b ef 78 f7 a3 67 c0 39 32 a9 1f 80 6c 66 17 97 d6 80 80 69 32 ab bf c3 f0 d2 d1 02 c6 d1 d1 ca 7f 28 f3 d3 05 cf d7 e6 67 96 67 73 39 3b dd 9e 5f c5 2e 08 52 5b 60 e6 23 e4 24 80 17 de cf 8c 32 61 22 26 18 40 81 51 37 1a 3d e4 69 36 45 18 6c 38 96 b1 f8 bc 04 25 63 8c 69 6f 0b 8e 93 22 11 da 2b e2 2e dd 3c 66 df 7d 3c c4 05 36 71 e2 c9 b8 a6 7e 66 b3 9b 73 21 3a a7 95 67 38 d4 83 89 c3 d7 91 64 de c5 5b 01 f5 ff a5 13 58 78 d8 a8 54 25 22 24 d8 16 40 cd 81 70 5e c5 3b d8 dd 55 72 b8 9e d6 48 15 06 41 57 68 5b e8 27 30 b1 82 0f e8 09 d8 f8 24 0d ae 73 05 91 20 6f 32 84 0d f0 82 95 ca 25 80 50 f5 46 fa 49 1e 46 5e 38 4e d2 28 ef db ce 9f 18 54 a7 c3 53 4b c7 26 a2 ba e4 Data Ascii: `p[{z0\|cp-+a+xg92lfi2(ggs9;_.R[`#$2a"&@Q7=i6El8%cio"+.<f}<6q~fs!:g8d[XxT%"$@p^;UrHAWh['0$s o2%PFIF^8N(TSK&
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: 58 0d 04 41 31 f1 f1 a8 15 a1 54 1e 5a 8d 72 3d e2 47 40 31 01 b6 e2 e3 20 ba 53 87 b9 64 39 96 a9 1f 50 8d c3 df 89 4f 3c 44 83 14 ce e2 33 f3 a3 46 d1 e2 45 58 a7 2c f7 48 0a 04 81 50 14 d0 11 86 4d 66 e7 ff be d5 aa ce 18 47 ec d9 2c f8 22 13 e5 35 27 b7 b0 97 2a bf 2c 0b d7 07 48 d7 30 c9 86 93 1f b0 17 3e b8 b1 bc a7 01 17 51 9c 66 55 50 9a b0 bb 80 25 f5 6f 33 e1 cf d4 9d 1c 93 ba 54 72 a7 e2 f6 75 97 90 fe 6f d2 46 10 67 11 75 4c 7e d0 94 af e3 4d 5d b4 38 17 ad 83 c4 09 26 df 24 fb 10 6d 5d e5 56 f8 11 0d 2d bb f3 2c 35 9d 43 aa d3 dc cc 21 ae 95 db 49 63 90 e8 bb b5 a2 31 68 28 4f c1 46 84 c4 ae 85 65 77 6e 1d 5c 72 28 c5 cb d9 9f 0c 82 36 6a 85 c3 0c cb 86 67 50 98 fd a8 5e 6f c5 03 8b 54 f3 c2 30 f0 94 72 6d 96 45 e2 75 68 b3 3c 02 83 6b 79 2f Data Ascii: XA1TZr=G@1 Sd9PO<D3FEX,HPMfG,"5'*,H0>QfUP%o3TruoFguL~M]8&$m]V-,5C!Ic1h(OFewn\r(6jgP^oT0rmEuh<ky/
2024-10-25 06:04:34 UTC	1378	IN	Data Raw: 14 0d 73 e2 64 7e de 02 18 e4 0f c3 f4 76 5f 5c be dd ce 6f 88 69 ac e4 50 fa ee 07 ab c8 a0 8b 52 e9 bb 55 6b fa 9f c6 22 3c 29 b7 da 31 d5 9e ae 5a b0 94 e9 7c 5c e7 66 a1 94 56 e8 81 c0 57 d2 a5 5b 41 6a 0e 92 60 dd 9b c4 c3 77 12 c5 dc 29 96 c5 76 0c 56 10 bf 85 d3 7f df 78 05 8d e2 78 fc 2e d0 e2 68 c5 5e ba e2 78 a2 f7 ae 74 a2 c9 5d 23 c5 a1 dd 77 87 05 87 09 52 cb 31 68 27 3d 4b 9d 65 b2 de 77 fd b1 ff 96 4d 3f 5e 60 b9 1e 38 a4 9e c8 b0 ea d5 db 24 51 55 05 52 b6 f2 27 f0 e4 fd 6c 75 91 a7 7f 43 1e 77 ee c0 54 0b 56 cd 31 4f 5e ee ea 9b de 9a b3 38 11 b7 da d9 f9 e5 0f 50 4b 07 08 fd 45 55 f9 17 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6d 6e 2f 6d 65 Data Ascii: sd~v_\oiPRUk"<)1Z\|\fVW[Aj`w)vVxx.h^xt]#wR1h'=KewM?^`8$QUR'luCwTV1O^8PKEUPK!-_locales/mn/me

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:36 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:37 UTC	557	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:36 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: f6e9114d-e01e-0022-61a3-260631000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060436Z-r197bdfb6b4hsj5bywyqk9r2xw00000001g0000000005f2g Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 06:04:37 UTC	15827	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c 87 07 e7 d4 da 16 34 27 65 eb d7 87 be 44 96 29 71 b2 3a d6 Data Ascii: [T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp4'eD)q:
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d d9 e8 78 24 ab 24 51 69 66 82 d7 44 e8 1d cf c8 e2 16 60 37 Data Ascii: kD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-x$$QifD`7
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 6e 30 91 49 05 4e 42 60 22 53 9e 67 6f 08 ac 30 cf 05 cd b5 Data Ascii: sg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M,SqPn0INB`"Sgo0
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e 6f 2b 5e 74 f2 ea 6e 17 ed 6d 37 04 2d f5 5a 8e f8 43 2b c3 Data Ascii: MR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.Vo+^tnm7-ZC+
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 4e 60 6b e1 20 c2 ba 99 b8 6d 1e 51 d5 3c d5 da e1 b5 2c a1 Data Ascii: yfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\N`k mQ<,
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 45 bf 50 93 bc bc 7d c3 e9 75 22 5d 68 d9 1e 50 8f 5c 23 a1 Data Ascii: b.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>JcEP}u"]hP\#
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 c6 95 ea 57 bd 73 50 18 1d 54 fb 07 d5 da 41 bd 99 aa 6f 53 Data Ascii: u\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{OWsPTAoS
2024-10-25 06:04:38 UTC	16384	IN	Data Raw: f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 65 5d 3f 2f 1b ab ff 79 9a 2b b3 79 5d 62 4f 7c d5 ff 34 22 Data Ascii: Jj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@e]?/y+y]bO\|4"
2024-10-25 06:04:38 UTC	16384	IN	Data Raw: 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 cb e9 d4 75 42 52 43 29 e8 e5 94 bf 82 e4 a6 c8 40 37 67 5f Data Ascii: IdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>uBRC)@7g_

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:36 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:37 UTC	556	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:37 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Thu, 24 Oct 2024 19:29:56 GMT ETag: 0x8DCF4623DD70062 x-ms-request-id: 54c155b2-501e-0030-24a3-26322d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060436Z-17c5cb586f6mqlb7hyuq0z97g800000002fg000000001r62 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 06:04:37 UTC	15828	IN	Data Raw: 1f 8b 08 08 34 a0 1a 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: 4gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 c1 d0 1d 5d d0 58 b3 51 22 09 e8 37 c0 b1 dc 86 43 a9 41 db Data Ascii: e\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:]XQ"7CA
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b 70 5a 19 73 3e 85 d2 c6 f8 80 22 71 cd f5 40 34 cd c4 ce 27 Data Ascii: kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkXpZs>"q@4'
2024-10-25 06:04:37 UTC	16384	IN	Data Raw: 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc 9c d4 76 22 35 66 3f 5d d9 fb 8e 7d 65 84 fb 4f 5b 04 9b a8 Data Ascii: _CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;v"5f?]}eO[
2024-10-25 06:04:37 UTC	5227	IN	Data Raw: 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e 26 d2 d8 ca 80 2c 56 f9 34 27 86 21 28 e6 0e 92 0c 4e 75 b7 Data Ascii: a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.&,V4'!(Nu

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:39 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:40 UTC	516	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:40 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: da0c6ecc-d01e-0065-1da3-26d95a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060439Z-17c5cb586f6w4mfs5xcmnrny6n00000001h000000000atxz Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 06:04:40 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:39 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:40 UTC	536	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:39 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 46c72659-f01e-003d-80c7-25dd21000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060439Z-16849878b78ngdnlw4w0762cms00000008yg000000003pq2 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-25 06:04:40 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:39 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:40 UTC	516	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:40 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: fe0460a6-e01e-0000-3aa3-266807000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060440Z-16849878b78q4pnrt955f8nkx800000008k000000000pe0q Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 06:04:40 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:40 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:40 UTC	536	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:40 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 6a9fdd1f-001e-0028-7906-261fb8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060440Z-16849878b78ngdnlw4w0762cms00000008tg00000000hqsg Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-25 06:04:40 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:40 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:40 UTC	536	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:40 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: 342e286d-701e-0068-3e06-263656000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060440Z-16849878b785dznd7xpawq9gcn00000001h000000000763f Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-25 06:04:40 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ALERT Home Network Breaches.msg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0f3e10bf-0d28-4c94-8d91-4561f795d906.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1778f9f2-db4a-4d4b-bd01-00c3979c4a45.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\42590f2e-bbdc-4a86-8ab8-a22a956f52c4.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5c69cb54-c82c-4186-8424-927165d04416.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9ae2d255-8deb-4917-8c5a-18814d4cb829.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\2e13e658-bfec-40b6-9876-6848ed7cc5b2.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-671B34EB-1A34.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-671B34EC-C14.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\016ed235-95a4-455b-bed0-b67b4f3d070b.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1949da5f-e25b-48a6-809f-26ad33290a66.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\21c42e78-8783-4cdc-b097-c463441298b2.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4c8faf52-546a-413f-85df-9bea2e9ca82e.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7248c957-3dd1-4888-a66e-e7051a7ed343.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Windows Analysis Report
ALERT Home Network Breaches.msg

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:40 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:40 UTC	523	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:40 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: fc671242-601e-001a-23a3-264768000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060440Z-17c5cb586f6tzc2wdxudxz0zw800000001qg00000000bd6q Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 06:04:40 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:41 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:41 UTC	523	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:41 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: 874622ad-f01e-0014-7aa3-26ab63000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060441Z-17c5cb586f6z6tw6g7cmdv30m8000000017g00000000683x Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 06:04:41 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Timestamp	Bytes transferred	Direction	Data
2024-10-25 06:04:41 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-25 06:04:41 UTC	516	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 06:04:41 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 88445255-c01e-0058-7fa3-266c7c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241025T060441Z-15b8d89586fx2hlt035xdehq580000000fwg0000000007p7 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 06:04:41 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Target ID:	0
Start time:	02:03:13
Start date:	25/10/2024
Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ALERT Home Network Breaches.msg"
Imagebase:	0x9f0000
File size:	34'446'744 bytes
MD5 hash:	91A5292942864110ED734005B7E005C0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	3
Start time:	02:03:19
Start date:	25/10/2024
Path:	C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A24419E8-483F-4BAD-AFA0-862110806469" "21090EE9-A3D3-48F4-85F1-1F3FE46118D9" "7220" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase:	0x7ff6d9760000
File size:	710'048 bytes
MD5 hash:	EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	8
Start time:	02:04:27
Start date:	25/10/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BCYP2J7W\email.mht
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	9
Start time:	02:04:28
Start date:	25/10/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2088,i,16850093930292560535,15653450575445614346,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	15
Start time:	02:04:32
Start date:	25/10/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5180 --field-trial-handle=2092,i,12356907861750496289,10950647450928371528,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre