Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0.eml
Analysis ID:1544254
MD5:e88ef66db0525f116b698a6152bbfcbe
SHA1:b9a6e6351e0556a2c7b015d34a8292fec8a50459
SHA256:37b071611c213cc53447bb1b3d1f2e00c4017a2be13756bfb6ed8a6c49e4c275
Infos:

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Creates a window with clipboard capturing capabilities
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Suspicious Office Outbound Connections
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • OUTLOOK.EXE (PID: 7568 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7896 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A2E811BA-8EE8-4D9B-B294-2324B35EC9D9" "9DC555F0-4DDE-45D0-8693-5EC74425237E" "7568" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7568, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.7, DestinationIsIpv6: false, DestinationPort: 49968, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 7568, Protocol: tcp, SourceIp: 13.107.246.45, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49968 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49973 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49971 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49972 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49969 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49970 version: TLS 1.2
Source: Joe Sandbox ViewIP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/ebd1da46-5d90-ef11-ac21-6045bdd88425?ts=638651883871101109 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/07cb3dfa-6cd1-ee11-9079-000d3a1b99b1?ts=638441944531652733 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/d04bc7c8-d891-ef11-ac21-6045bdd88425?ts=638653513834098786 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/47fceed3-1395-ef11-8a6a-6045bdd88425?ts=638657065932161473 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/0210afd2-8d8c-ef11-ac21-6045bdd88425?ts=638647694283804824 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/059dee09-8e8c-ef11-ac21-6045bdd88425?ts=638647695186496666 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/ebd1da46-5d90-ef11-ac21-6045bdd88425?ts=638651883871101109 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/07cb3dfa-6cd1-ee11-9079-000d3a1b99b1?ts=638441944531652733 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/d04bc7c8-d891-ef11-ac21-6045bdd88425?ts=638653513834098786 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/47fceed3-1395-ef11-8a6a-6045bdd88425?ts=638657065932161473 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/0210afd2-8d8c-ef11-ac21-6045bdd88425?ts=638647694283804824 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficHTTP traffic detected: GET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/059dee09-8e8c-ef11-ac21-6045bdd88425?ts=638647695186496666 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Host: assets-usa.mkt.dynamics.com
Source: global trafficDNS traffic detected: DNS query: deefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com
Source: global trafficDNS traffic detected: DNS query: assets-usa.mkt.dynamics.com
Source: global trafficDNS traffic detected: DNS query: augloop.office.com
Source: prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.drString found in binary or memory: http://augloop.office.com/settings.json
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.drString found in binary or memory: http://json-schema.org/draft-07/schema#
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: http://www.w3.=
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.aadrm.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.aadrm.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.cortana.ai
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.microsoftstream.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.office.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.onedrive.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://api.scheduler.
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://app.powerbi.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://are01.=
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://are01.safelinks.=
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://are01.safelinks.protection.outlook.=
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://are01.safelinks.protection.outlook.com/?=
Source: ~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drString found in binary or memory: https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.s
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://assets-usa.mkt.dynamics.=
Source: ~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drString found in binary or memory: https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/0210af
Source: ~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drString found in binary or memory: https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/059dee
Source: ~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drString found in binary or memory: https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/07cb3d
Source: ~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drString found in binary or memory: https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/47fcee
Source: ~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drString found in binary or memory: https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/d04bc7
Source: ~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drString found in binary or memory: https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/ebd1da
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee5438=
Source: App1730177790892622900_BF56DEDC-95C9-4FCA-A7EC-ACA9E7C039D0.log.0.drString found in binary or memory: https://augloop.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://augloop.office.com/v2
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://canary.designerapp.
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.entity.
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://clients.config.office.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://clients.config.office.net/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cortana.ai
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cortana.ai/api
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://cr.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://d.docs.live.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://dataservice.o365filtering.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://deefdd6e50d8438292d27fd577e4eccd.=
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://deefdd6e50d8438292d27fd577e4eccd.svc.=
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://deefdd6e50d8438292d27fd577e4eccd.svc.dynamics.=
Source: phish_alert_sp2_2.0.0.0.emlString found in binary or memory: https://deefdd6e50d8438292d27fd577e4eccd.svc.dynamics=
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://designerapp.azurewebsites.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://designerappservice.officeapps.live.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://dev.cortana.ai
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://devnull.onenote.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://directory.services.
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ecs.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://edge.skype.com/registrar/prod
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://edge.skype.com/rps
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://graph.ppe.windows.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://graph.ppe.windows.net/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://graph.windows.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://graph.windows.net/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ic3.teams.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://invites.office.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://lifecycle.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://login.microsoftonline.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://login.microsoftonline.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://login.microsoftonline.com/organizations
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://login.windows.local
Source: OUTLOOK_16_0_16827_20130-20241029T0056290232-7568.etl.0.drString found in binary or memory: https://login.windows.local;
Source: OUTLOOK_16_0_16827_20130-20241029T0056290232-7568.etl.0.drString found in binary or memory: https://login.windows.locale.OR
Source: OUTLOOK_16_0_16827_20130-20241029T0056290232-7568.etl.0.drString found in binary or memory: https://login.windows.localnull
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://make.powerautomate.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://management.azure.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://management.azure.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messaging.action.office.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messaging.engagement.office.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://messaging.office.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://mss.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ncus.contentsync.
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ncus.pagecontentsync.
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://notification.m365.svc.cloud.microsoft/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://officeapps.live.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://officepyservice.office.net/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://onedrive.live.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://otelrules.azureedge.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://outlook.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://outlook.office.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://outlook.office365.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://outlook.office365.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://powerlift-user.acompli.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://powerlift.acompli.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://res.cdn.office.net
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://service.powerapps.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://settings.outlook.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://staging.cortana.ai
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://substrate.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://tasks.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://wus2.contentsync.
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drString found in binary or memory: https://www.yammer.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49968 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49973 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49971 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49972 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49969 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49970 version: TLS 1.2
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow created: window name: CLIPBRDWNDCLASSJump to behavior
Source: classification engineClassification label: clean4.winEML@3/43@3/1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241029T0056290232-7568.etlJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A2E811BA-8EE8-4D9B-B294-2324B35EC9D9" "9DC555F0-4DDE-45D0-8693-5EC74425237E" "7568" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A2E811BA-8EE8-4D9B-B294-2324B35EC9D9" "9DC555F0-4DDE-45D0-8693-5EC74425237E" "7568" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote Services1
Clipboard Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Modify Registry		LSASS Memory13
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
bg.microsoft.map.fastly.net0%VirustotalBrowse
s-part-0017.t-0009.t-msedge.net0%VirustotalBrowse
assets-usa.mkt.dynamics.com0%VirustotalBrowse
augloop.office.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://shell.suite.office.com:14430%URL Reputationsafe
https://designerapp.azurewebsites.net0%URL Reputationsafe
https://autodiscover-s.outlook.com/0%URL Reputationsafe
https://useraudit.o365auditrealtimeingestion.manage.office.com0%URL Reputationsafe
https://outlook.office365.com/connectors0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%URL Reputationsafe
https://cdn.entity.0%URL Reputationsafe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%URL Reputationsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
https://lookup.onenote.com/lookup/geolocation/v10%URL Reputationsafe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
https://api.aadrm.com/0%URL Reputationsafe
https://canary.designerapp.0%URL Reputationsafe
https://www.yammer.com0%URL Reputationsafe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%URL Reputationsafe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0%URL Reputationsafe
https://cr.office.com0%URL Reputationsafe
https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
https://edge.skype.com/registrar/prod0%URL Reputationsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
https://tasks.office.com0%URL Reputationsafe
https://officeci.azurewebsites.net/api/0%URL Reputationsafe
https://store.office.cn/addinstemplate0%URL Reputationsafe
https://edge.skype.com/rps0%URL Reputationsafe
https://messaging.engagement.office.com/0%URL Reputationsafe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://www.odwebp.svc.ms0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/groups0%URL Reputationsafe
https://web.microsoftstream.com/video/0%URL Reputationsafe
https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
https://graph.windows.net0%URL Reputationsafe
https://consent.config.office.com/consentcheckin/v1.0/consents0%URL Reputationsafe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%URL Reputationsafe
https://safelinks.protection.outlook.com/api/GetPolicy0%URL Reputationsafe
https://ncus.contentsync.0%URL Reputationsafe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%URL Reputationsafe
http://weather.service.msn.com/data.aspx0%URL Reputationsafe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%URL Reputationsafe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%URL Reputationsafe
https://mss.office.com0%URL Reputationsafe
https://pushchannel.1drv.ms0%URL Reputationsafe
https://wus2.contentsync.0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/ios0%URL Reputationsafe
https://api.addins.omex.office.net/api/addins/search0%URL Reputationsafe
https://outlook.office365.com/api/v1.0/me/Activities0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/android/policies0%URL Reputationsafe
https://entitlement.diagnostics.office.com0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json0%URL Reputationsafe
https://login.microsoftonline.com0%URL Reputationsafe
https://substrate.office.com/search/api/v1/SearchHistory0%URL Reputationsafe
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation0%URL Reputationsafe
https://service.powerapps.com0%URL Reputationsafe
https://graph.windows.net/0%URL Reputationsafe
https://devnull.onenote.com0%URL Reputationsafe
https://messaging.office.com/0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing0%URL Reputationsafe
https://skyapi.live.net/Activity/0%URL Reputationsafe
https://messaging.action.office.com/setcampaignaction0%URL Reputationsafe
https://visio.uservoice.com/forums/368202-visio-on-devices0%URL Reputationsafe
https://staging.cortana.ai0%URL Reputationsafe
https://augloop.office.com0%URL Reputationsafe
https://api.diagnosticssdf.office.com/v2/file0%URL Reputationsafe
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory0%URL Reputationsafe
https://officepyservice.office.net/0%URL Reputationsafe
https://api.diagnostics.office.com0%URL Reputationsafe
https://store.office.de/addinstemplate0%URL Reputationsafe
https://wus2.pagecontentsync.0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/datasets0%URL Reputationsafe
https://cortana.ai/api0%URL Reputationsafe
https://api.diagnosticssdf.office.com0%URL Reputationsafe
https://login.microsoftonline.com/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalseunknown
s-part-0017.t-0009.t-msedge.net
13.107.246.45
truefalseunknown
assets-usa.mkt.dynamics.com
unknown
unknownfalseunknown
augloop.office.com
unknown
unknownfalseunknown
deefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com
unknown
unknownfalse
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/07cb3dfa-6cd1-ee11-9079-000d3a1b99b1?ts=638441944531652733false
      		unknown
      https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/47fceed3-1395-ef11-8a6a-6045bdd88425?ts=638657065932161473false
        		unknown
        https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/d04bc7c8-d891-ef11-ac21-6045bdd88425?ts=638653513834098786false
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://shell.suite.office.com:14432D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
          • URL Reputation: safe
          		unknown
          https://designerapp.azurewebsites.net2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
          • URL Reputation: safe
          		unknown
          https://autodiscover-s.outlook.com/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
          • URL Reputation: safe
          		unknown
          https://useraudit.o365auditrealtimeingestion.manage.office.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
          • URL Reputation: safe
          		unknown
          https://outlook.office365.com/connectors2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
          • URL Reputation: safe
          		unknown
          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cdn.entity.2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
          • URL Reputation: safe
          		unknown
          https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
          • URL Reputation: safe
          		unknown
          https://login.windows.localnullOUTLOOK_16_0_16827_20130-20241029T0056290232-7568.etl.0.drfalse
            		unknown
            https://rpsticket.partnerservices.getmicrosoftkey.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
            • URL Reputation: safe
            		unknown
            https://lookup.onenote.com/lookup/geolocation/v12D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
            • URL Reputation: safe
            		unknown
            https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
            • URL Reputation: safe
            		unknown
            https://api.aadrm.com/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
            • URL Reputation: safe
            		unknown
            https://canary.designerapp.2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
            • URL Reputation: safe
            		unknown
            https://www.yammer.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
            • URL Reputation: safe
            		unknown
            https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
            • URL Reputation: safe
            		unknown
            https://api.microsoftstream.com/api/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
              		unknown
              https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
              • URL Reputation: safe
              		unknown
              https://cr.office.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
              • URL Reputation: safe
              		unknown
              https://messagebroker.mobile.m365.svc.cloud.microsoft2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
              • URL Reputation: safe
              		unknown
              https://otelrules.svc.static.microsoft2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                		unknown
                https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee5438=phish_alert_sp2_2.0.0.0.emlfalse
                  		unknown
                  https://edge.skype.com/registrar/prod2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://res.getmicrosoftkey.com/api/redemptionevents2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://tasks.office.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://officeci.azurewebsites.net/api/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://my.microsoftpersonalcontent.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    		unknown
                    https://store.office.cn/addinstemplate2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://edge.skype.com/rps2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://messaging.engagement.office.com/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.odwebp.svc.ms2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.powerbi.com/v1.0/myorg/groups2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://web.microsoftstream.com/video/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.addins.store.officeppe.com/addinstemplate2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://are01.=phish_alert_sp2_2.0.0.0.emlfalse
                      		unknown
                      https://graph.windows.net2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://are01.safelinks.=phish_alert_sp2_2.0.0.0.emlfalse
                        		unknown
                        http://www.w3.=phish_alert_sp2_2.0.0.0.emlfalse
                          		unknown
                          https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.s~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drfalse
                            		unknown
                            https://consent.config.office.com/consentcheckin/v1.0/consents2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://notification.m365.svc.cloud.microsoft/PushNotifications.Register2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                              		unknown
                              https://d.docs.live.net2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                		unknown
                                https://safelinks.protection.outlook.com/api/GetPolicy2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://ncus.contentsync.2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                http://weather.service.msn.com/data.aspx2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/ebd1da~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drfalse
                                  		unknown
                                  https://deefdd6e50d8438292d27fd577e4eccd.svc.dynamics=phish_alert_sp2_2.0.0.0.emlfalse
                                    		unknown
                                    https://are01.safelinks.protection.outlook.com/?=phish_alert_sp2_2.0.0.0.emlfalse
                                      		unknown
                                      https://deefdd6e50d8438292d27fd577e4eccd.svc.=phish_alert_sp2_2.0.0.0.emlfalse
                                        		unknown
                                        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/059dee~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drfalse
                                          		unknown
                                          https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://mss.office.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://pushchannel.1drv.ms2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://wus2.contentsync.2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://clients.config.office.net/user/v1.0/ios2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://api.addins.omex.office.net/api/addins/search2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/47fcee~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drfalse
                                            		unknown
                                            https://outlook.office365.com/api/v1.0/me/Activities2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://clients.config.office.net/user/v1.0/android/policies2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://entitlement.diagnostics.office.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://outlook.office.com/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                              		unknown
                                              https://storage.live.com/clientlogs/uploadlocation2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                		unknown
                                                https://assets-usa.mkt.dynamics.=phish_alert_sp2_2.0.0.0.emlfalse
                                                  		unknown
                                                  https://login.microsoftonline.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://substrate.office.com/search/api/v1/SearchHistory2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://clients.config.office.net/c2r/v1.0/InteractiveInstallation2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://service.powerapps.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://graph.windows.net/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://devnull.onenote.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://messaging.office.com/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://skyapi.live.net/Activity/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://api.cortana.ai2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                    		unknown
                                                    https://messaging.action.office.com/setcampaignaction2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://visio.uservoice.com/forums/368202-visio-on-devices2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://staging.cortana.ai2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://onedrive.live.com/embed?2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                      		unknown
                                                      https://augloop.office.comApp1730177790892622900_BF56DEDC-95C9-4FCA-A7EC-ACA9E7C039D0.log.0.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://login.windows.local;OUTLOOK_16_0_16827_20130-20241029T0056290232-7568.etl.0.drfalse
                                                        		unknown
                                                        https://api.diagnosticssdf.office.com/v2/file2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://officepyservice.office.net/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://api.diagnostics.office.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://store.office.de/addinstemplate2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://wus2.pagecontentsync.2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://api.powerbi.com/v1.0/myorg/datasets2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://assets-usa.mkt.dynamics.com/af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/d04bc7~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp.0.drfalse
                                                          		unknown
                                                          https://cortana.ai/api2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://are01.safelinks.protection.outlook.=phish_alert_sp2_2.0.0.0.emlfalse
                                                            		unknown
                                                            https://api.diagnosticssdf.office.com2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://login.microsoftonline.com/2D856CF8-223E-4CCC-8CBE-45FB4A4947CC.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown

                                                            World Map of Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public IPs

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            13.107.246.45
                                                            		s-part-0017.t-0009.t-msedge.netUnited States
                                                            		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                                                            General Information

                                                            Joe Sandbox version:41.0.0 Charoite
                                                            Analysis ID:1544254
                                                            Start date and time:2024-10-29 05:55:15 +01:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 5m 3s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:9
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:phish_alert_sp2_2.0.0.0.eml
                                                            Detection:CLEAN
                                                            Classification:clean4.winEML@3/43@3/1
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .eml

                                                            Warnings

                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                            • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.109.68.129, 2.19.126.151, 2.19.126.160, 52.113.194.132, 184.28.90.27, 199.232.214.172, 20.189.173.15, 52.183.87.159, 52.111.231.21, 93.184.221.240
                                                            • Excluded domains from analysis (whitelisted): omex.cdn.office.net, mktsvcp102wu001.westus2.cloudapp.azure.com, slscr.update.microsoft.com, assets-mkt-usa.azureedge.net, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, e16604.g.akamaiedge.net, augloop-prod-pa01.francecentral.cloudapp.azure.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, onedscolprdwus14.westus.cloudapp.azure.com, assets-mkt-usa.afd.azureedge.net, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, w
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                            Simulations

                                                            Behavior and APIs

                                                            No simulations

                                                            LLM Input / Output

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            13.107.246.45https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4Get hashmaliciousHTMLPhisherBrowse
                                                            • nam.dcv.ms/BxPVLH2cz4

                                                            Domains

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            s-part-0017.t-0009.t-msedge.netSalary_Structure_Benefits_for_Sebastien.daveauIyNURVhUTlVNUkFORE9NMTkjIw==.htmlGet hashmaliciousHTMLPhisherBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                                            • 13.107.246.45
                                                            https://api.inspectrealestate.com.au/email/track?eta=1&t=B32-5UARLGTXC6GHXC7PJPHCGUP7HMF6FJEQ76L6MOL7WYB6P6EYQNBONANBBGKOXFRO3HPDET5TXGOZXG5FJNMJJC437YUYUWDF5VEVIWPK6LECEZJV3OMRCXF6VI76ZOGYOFIOERVACTHYB4KHK22IKKEWLYPTUBLONXLA7QVY2SW2TZMW4ULVG2UAKDR3DM3RL4TTJAF3F3ROXQ3ZLRVYS7Z2T4TIQETEEUV73V42AQLF65YKSUX6JMYEW3ZHXPREAMXXBOQV32GKOYOISFZKX4GPTPR2IMSMCULLR2V4QUSMU3MWF7NQ%3D%3D%3D%3DGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.45
                                                            (No subject) (98).emlGet hashmaliciousHTMLPhisherBrowse
                                                            • 13.107.246.45
                                                            original.emlGet hashmaliciousHTMLPhisherBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousStealcBrowse
                                                            • 13.107.246.45
                                                            setup.exeGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.45
                                                            setup.exeGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.45
                                                            https://1drv.ms/o/s!BOd5RNxFaxkGg1r5bc30bgQWmkNc?e=J67qxK-KfEurqpMk0dasTw&at=9Get hashmaliciousUnknownBrowse
                                                            • 13.107.246.45
                                                            https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!sb98dbf79ab614921877689e4912e2fae&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0VubV9qYmxocXlGSmgzYUo1SkV1TDY0QmtKQzA5SEFwTjV6cTh1YW5PSWxxNEE_ZT1pdGFpeGo&wd=target%28Sezione%20senza%20titolo.one%7Ccfe57f3b-5d7b-4d15-b045-f6fdb53b3776%2FRechnung%2039920898-43006843%20%5C%7C%20Ebner%20Media%20Group%7C205becae-dae9-4a36-907a-485bcab69387%2F%29&wdorigin=NavigationUrlGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.45
                                                            bg.microsoft.map.fastly.nethttps://api.inspectrealestate.com.au/email/track?eta=1&t=B32-5UARLGTXC6GHXC7PJPHCGUP7HMF6FJEQ76L6MOL7WYB6P6EYQNBONANBBGKOXFRO3HPDET5TXGOZXG5FJNMJJC437YUYUWDF5VEVIWPK6LECEZJV3OMRCXF6VI76ZOGYOFIOERVACTHYB4KHK22IKKEWLYPTUBLONXLA7QVY2SW2TZMW4ULVG2UAKDR3DM3RL4TTJAF3F3ROXQ3ZLRVYS7Z2T4TIQETEEUV73V42AQLF65YKSUX6JMYEW3ZHXPREAMXXBOQV32GKOYOISFZKX4GPTPR2IMSMCULLR2V4QUSMU3MWF7NQ%3D%3D%3D%3DGet hashmaliciousUnknownBrowse
                                                            • 199.232.214.172
                                                            40kib.dllGet hashmaliciousUnknownBrowse
                                                            • 199.232.214.172
                                                            https://mail.kb4.io/XT0VNMzRJS3djRnBKZnFha1JaVThBUHFHRmpuS2FmSUY4aUszUlY3Sm0rWmpyUWR3ekQzL2xjN0xhVVJlTzhvZzgyMGtTUkxmSWtGdWlUY2I0NStmRWlLS2xHcGZsNTZUN3VyanNiKzVaNjhaeTRSTXFXVGdwc0J4amUxRFFPMU5DTTd5ejl5aXZxUlBwL1NDaDBRSk9DWVJkc09KRUZodTl0SFh5bFVVWEdYZTMzcm5ZTCtCSGpmZWRIMEprQjhiZExvOE9wSGkwUS9KTjQwSVdjQT0tLVBNYWNLTzcyT0xCdDkzb3ItLURlVmNvdGI3d3BGenM5UWJzc1EreXc9PQ==?cid=2260646675Get hashmaliciousUnknownBrowse
                                                            • 199.232.210.172
                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                            • 199.232.210.172
                                                            renier_visser-In Employee -11384.pdfGet hashmaliciousUnknownBrowse
                                                            • 199.232.214.172
                                                            http://demettei.comGet hashmaliciousUnknownBrowse
                                                            • 199.232.210.172
                                                            https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!sb98dbf79ab614921877689e4912e2fae&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0VubV9qYmxocXlGSmgzYUo1SkV1TDY0QmtKQzA5SEFwTjV6cTh1YW5PSWxxNEE_ZT1pdGFpeGo&wd=target%28Sezione%20senza%20titolo.one%7Ccfe57f3b-5d7b-4d15-b045-f6fdb53b3776%2FRechnung%2039920898-43006843%20%5C%7C%20Ebner%20Media%20Group%7C205becae-dae9-4a36-907a-485bcab69387%2F%29&wdorigin=NavigationUrlGet hashmaliciousUnknownBrowse
                                                            • 199.232.210.172
                                                            http://bigfoot99.comGet hashmaliciousUnknownBrowse
                                                            • 199.232.210.172
                                                            https://docs.google.com/drawings/d/14Q1EGmG0TWb0poSuSYwhNHZWOm-kG4Jlnk5Hg076lVI/preview?pli=132E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlGet hashmaliciousMamba2FABrowse
                                                            • 199.232.210.172
                                                            https://1drv.ms/o/c/dfbe417e0dc15e08/Esl_LBLy3yNEou5UFJ-QxnIBMGmncz8uv1GwgEHKevm1cw?e=C2cldFGet hashmaliciousUnknownBrowse
                                                            • 199.232.214.172

                                                            ASNs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            MICROSOFT-CORP-MSN-AS-BLOCKUShttps://apollomicsinc-my.sharepoint.com/:u:/p/peony_yu/EThcAjzaTWNPs4NpIP1X0v0BUe4pmKNB9s6TANBDk5EDeA?rtime=8VndtY_33EgGet hashmaliciousHtmlDropperBrowse
                                                            • 20.42.73.31
                                                            Salary_Structure_Benefits_for_Sebastien.daveauIyNURVhUTlVNUkFORE9NMTkjIw==.htmlGet hashmaliciousHTMLPhisherBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                                            • 94.245.104.56
                                                            https://api.inspectrealestate.com.au/email/track?eta=1&t=B32-5UARLGTXC6GHXC7PJPHCGUP7HMF6FJEQ76L6MOL7WYB6P6EYQNBONANBBGKOXFRO3HPDET5TXGOZXG5FJNMJJC437YUYUWDF5VEVIWPK6LECEZJV3OMRCXF6VI76ZOGYOFIOERVACTHYB4KHK22IKKEWLYPTUBLONXLA7QVY2SW2TZMW4ULVG2UAKDR3DM3RL4TTJAF3F3ROXQ3ZLRVYS7Z2T4TIQETEEUV73V42AQLF65YKSUX6JMYEW3ZHXPREAMXXBOQV32GKOYOISFZKX4GPTPR2IMSMCULLR2V4QUSMU3MWF7NQ%3D%3D%3D%3DGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.60
                                                            (No subject) (98).emlGet hashmaliciousHTMLPhisherBrowse
                                                            • 13.107.246.45
                                                            Electronic_Receipt_ATT0001.virus.htmlGet hashmaliciousUnknownBrowse
                                                            • 150.171.27.10
                                                            hwWxZRwpeL.exeGet hashmaliciousStealc, VidarBrowse
                                                            • 94.245.104.56
                                                            https://teams.microsoft.com/l/meetup-join/19%3ameeting_MjMzOWVkZWYtYzg2MC00YjYzLWE5MmItMTA0OTE2MWJkOWYw%40thread.v2/0?context=%7b%22Tid%22%3a%2211d0e217-264e-400a-8ba0-57dcc127d72d%22%2c%22Oid%22%3a%2220d61d95-c7cb-4170-b8c4-9ea749bac872%22%7dGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                            • 20.190.159.2
                                                            original.emlGet hashmaliciousHTMLPhisherBrowse
                                                            • 52.102.11.124
                                                            https://app.pandadoc.com/document/v2?token=2126fee3194112970cb23c51d0c56249323ace2bGet hashmaliciousUnknownBrowse
                                                            • 150.171.27.10

                                                            JA3 Fingerprints

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Quasar, StealcBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                            • 13.107.246.45

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                            Category:dropped
                                                            Size (bytes):4770
                                                            Entropy (8bit):7.946747821604857
                                                            Encrypted:false
                                                            SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                                                            MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                                                            SHA1:719C37C320F518AC168C86723724891950911CEA
                                                            SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                                                            SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Preview:MSCF............,...................O.................2Wqh .disallowedcert.stl....^K...CK.wTS...:.w.K'.C0T.....Bh.{....C.).*.....Y@...(..).R."E..D^6........u....|f~3...o.3. ..SPK.k.o#...."{-.U..P........:..aPr.@.d......Dy.h.....)..:...!./\A.....A<I_<$...q.h..........'.....7....H...@`T..K.S.%...Y4..R.....`.....-....D...(..b..-c."...G.=.dx..S+..2.a.E....d.L...77J...c.[..@..iT&..^78..g....NW6.Ek..FY.F........cNt.O.*..R....*......D...... k........J.y...z.d...;.9_t...].@....yw..}.x....d.t..`f\K..;|.*h.X...4/.;.xT......q>.0...<...3...X..L$.&.,b.....\V....\......G..O..@..H3.....t..J..).x.?.{[..G>.7...<...^Q..z..Gw9P..d....i].n%K}.*z..2.Py...A..s...z..@...4..........4.....*Y.d..._Z.5.s..fl.C..#.K{9^.E...k..z.Ma..G.(.....5g. ...}.t.#4....$;.,....S@fs....k......u .^2.#_...I........;.......w..P...UCY...$;.S._|.x..dK...[i..q..^.l..A.?.....'N.. .L.l......m.*.+f#]............A.;.....Z..rIt....RW....Kr1e=8.=.z:Oi.z.d..r..C_......o...]j.N;.s....3@3.dgrv.

                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):338
                                                            Entropy (8bit):3.2642066763188535
                                                            Encrypted:false
                                                            SSDEEP:6:kKyt7sN+SkQlPlEGYRMY9z+s3Ql2DUevat:6t7TkPlE99SCQl2DUevat
                                                            MD5:6CBD622E47C94B00A1E07A0FD3319F8B
                                                            SHA1:ACFC22FA9889BDECB8246158E3A096016F56EB7B
                                                            SHA-256:B52F84AA79DE10FDDEA8C96C43B66213D3179ED553FC6D9E5D4A354388B2E2A2
                                                            SHA-512:D7EBF1435365C15D4C43FF3E78056D4A8A950E6D72FDC4826429F44E0EAC087F03DC24E64135B7E5013348641C6A21C2B7858688EA22C04B13DFAF3B16927722
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:p...... ........b&h.)..(....................................................... .........p.........$.....(=........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

                                                            C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):231348
                                                            Entropy (8bit):4.389991591825078
                                                            Encrypted:false
                                                            SSDEEP:3072:x5gP6/g7PmiGu2SqoQgrt0FvEEXsOsf42:xLOPmi2vBXsOsfB
                                                            MD5:B26D5EB0F178706B7BAC6AF32C6F7BA5
                                                            SHA1:89E64900B5755F070B3B6A41972D39A32ADF6D47
                                                            SHA-256:420A6ABCBC00BA06E885B3066E7B2538BBB06B1E67CD6568823DEEA2D133DFC0
                                                            SHA-512:4E6A49DDF9BF674F8C98DE9B5B938387292C2CDDEE153FED1C57B3F36476DC03223758DBC58C1973B7A4898F7EB7C7214313C489815459C1602399BBF8AAAD94
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:TH02...... .@F5.)......SM01X...,...`.&.)..........IPM.Activity...........h...............h............H..hT.o...........h.........U..H..h\FRO ...1\Ap...h..0.....o....hK.J............h........_`Tk...h..J.@...I.tw...h....H...8.Yk...0....T...............d.........2h...............k..............!h.............. h>..%.....o...#h....8.........$h.U......8....."h............'h..z...........1hK.J.<.........0h....4....Yk../h....h.....YkH..h....p...T.o...-h .........o...+h..J....H.o................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                                            C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):521377
                                                            Entropy (8bit):4.9084889265453135
                                                            Encrypted:false
                                                            SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                                                            MD5:C37972CBD8748E2CA6DA205839B16444
                                                            SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                                                            SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                                                            SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                                                            Malicious:false
                                                            Reputation:moderate, very likely benign file
                                                            Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

                                                            C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                                                            Category:dropped
                                                            Size (bytes):773040
                                                            Entropy (8bit):6.55939673749297
                                                            Encrypted:false
                                                            SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                                                            MD5:4296A064B917926682E7EED650D4A745
                                                            SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                                                            SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                                                            SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                                                            Malicious:false
                                                            Reputation:moderate, very likely benign file
                                                            Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..

                                                            C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):322260
                                                            Entropy (8bit):4.000299760592446
                                                            Encrypted:false
                                                            SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                            MD5:CC90D669144261B198DEAD45AA266572
                                                            SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                            SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                            SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                            Malicious:false
                                                            Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                                            C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):10
                                                            Entropy (8bit):1.9609640474436814
                                                            Encrypted:false
                                                            SSDEEP:3:LSKSn:ZS
                                                            MD5:C5743AA4D53C7060E85F9FFE8ECC0916
                                                            SHA1:194BCA00992BAC6C795C332B2303C5F2D8F5716A
                                                            SHA-256:B356D4C413CDC10C0406871DE8D54219C05F0FCE4C9CC0A833D6BB92C3360308
                                                            SHA-512:A2AC34EAF8DBCD696C55E51666774E44007D656F0671211E860EC54AA4A103C02285907A4F0B118601158C741170A77CF3532B3E8EE5AE1A8AC5C7164962C58A
                                                            Malicious:false
                                                            Preview:1730177797

                                                            C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\2D856CF8-223E-4CCC-8CBE-45FB4A4947CC

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):180288
                                                            Entropy (8bit):5.2910117447213985
                                                            Encrypted:false
                                                            SSDEEP:1536:ui2XfRAqFbH41gLEwLe7HW8QM/o/NMOcAZl1p5ihs7EXXOEADpOoagYdGVF8S7CC:YPe7HW8QM/o/aXbbkx
                                                            MD5:3397C73C40B6E3D86D3B48804A43CB2C
                                                            SHA1:4DFBA1FFFF855D901BC01E767180FDA17667BEB1
                                                            SHA-256:739B45FBD0B1159F9B78AE68218C79F5B2BB01C8355E99275E9BCADD32D7298E
                                                            SHA-512:6C74AA4B4233B63DECE8A3F3F7F529E8046ADF19C7909BE40273D539153ECEE7C3A73E51EB567D0F61C72ECE2ED1AE244D15197D7D26F672B36A449C062EB7F2
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-29T04:56:33">.. Build: 16.0.18222.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                            C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                            Category:dropped
                                                            Size (bytes):4096
                                                            Entropy (8bit):0.09216609452072291
                                                            Encrypted:false
                                                            SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                            MD5:F138A66469C10D5761C6CBB36F2163C3
                                                            SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                            SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                            SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                            Malicious:false
                                                            Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:SQLite Rollback Journal
                                                            Category:dropped
                                                            Size (bytes):4616
                                                            Entropy (8bit):0.13760166725504608
                                                            Encrypted:false
                                                            SSDEEP:3:7FEG2l+z2ul/FllkpMRgSWbNFl/sl+ltlslVlllfllzG:7+/lPgg9bNFlEs1EP/jG
                                                            MD5:0E7EFC80F7DC50B3156D83B5632C5FEC
                                                            SHA1:5414FA714E334CFC097F0092DE693EBFDDBF2D98
                                                            SHA-256:2AD50BB394F1728F3BF9F5910DDBDFD26B518F7BF8CA8CFBB31FAD3B6F00611F
                                                            SHA-512:079B1FDD64A9C3B3B0360ECBACFEBED7A04A9D502C37D5C6307C4371F7F1599749ADF97D0FA22AC555BCD6D29D5837FCFFE250954495292E872EE4B5C8AC7F08
                                                            Malicious:false
                                                            Preview:.... .c........#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):32768
                                                            Entropy (8bit):0.04461859006841713
                                                            Encrypted:false
                                                            SSDEEP:3:G4l2YwyDvnTolAl2YwyDvnL//lWlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2atl2C//0L9XXPH4l942U
                                                            MD5:9D3AA53D07BB18A481CA03FE8C2F8FF5
                                                            SHA1:6EDE8DDA18649F99754FC7211AB5D7C755F7EEDD
                                                            SHA-256:89C7839F245006659822937A75D69D18387A982376EF619F7E954098AFE24584
                                                            SHA-512:0C5954FC8EC20402896C39771A6D4F74DB7F1FB364DAAA900BBF7F6198B1EF82BA3350AED043CB9C3F35ED0D5CE911D2AF629C1E5333EA2653E4A8EA993C8309
                                                            Malicious:false
                                                            Preview:..-.....................d{.O ...&....F3.....44....-.....................d{.O ...&....F3.....44..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                            Category:dropped
                                                            Size (bytes):45352
                                                            Entropy (8bit):0.39508609541974077
                                                            Encrypted:false
                                                            SSDEEP:24:K+j+4Q3zRDo/gWoBXUll7DBtDi4kZERDjYz8zqt8VtbDBtDi4kZERDy3Q:pj+4Q1PvBXUll7DYMn1zO8VFDYMs
                                                            MD5:BBBF0419B9A06531A5C35CA3931ED36D
                                                            SHA1:6F473BBDC22AE5A53292D98AB759107A31BC2783
                                                            SHA-256:09CAFECC33B32756718493D5D44EBA131720D2FBF547F99DB9BD49264EFEDC1D
                                                            SHA-512:2588BB71D0087A23C3965B1F1560E2F9359834A97A9BC9B438543E5F6DE7AC6F89075EE3E7D2F9117F5CDA41F0E5ABCE2EDD6ABC1E5BBB88E87C9F2FF5D96F1B
                                                            Malicious:false
                                                            Preview:7....-..........&....F3....9%..........&....F3..P.3+...SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1D3D117B.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:PNG image data, 961 x 58, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):37246
                                                            Entropy (8bit):7.926870321085284
                                                            Encrypted:false
                                                            SSDEEP:768:eEseq+NIpUu3UmM7y/gZb984iCqpvN2iOdmCA8w:e8NipUu3UmYy/gJAVCmYw
                                                            MD5:BDEAB1E6E59F6240E1B87972614D76E4
                                                            SHA1:304FE8DD4AF0728CB2BECABC20F89844D8FFB33A
                                                            SHA-256:3C786630CD085BB900CEB4DF0BCD62F39C63319B13AB345C42CA6BED9A38769B
                                                            SHA-512:4D065CA937F08198ED63C73E111F8D9D62B2D89444A9E9FBC7C0C8D0627E8649CE8529EE07AB9895E061C14BF2900B749C2344FC9F46C0D7CD383A52DE171AF5
                                                            Malicious:false
                                                            Preview:.PNG........IHDR.......:.......[G....sRGB.........gAMA......a.....pHYs...t...t..f.x..._iTXtSnipMetadata.....{"clipPoints":[{"x":0,"y":0},{"x":961,"y":0},{"x":961,"y":59},{"x":0,"y":59}]}..K.....IDATx^..i.,..%.U.z......!D@!...D..?..........t2u......0=:.Ss.......O?..;.......?.......TG.)./6t<....G.......~NW.8.....WD.9...u~....KE....<....$.....;....^.i..1NP...'.Y:...s.ad...}.....).~.... ...Fe.5.x@....\:..c..25v}s.eQ.%B.H.....9...6..].5p....7....qb..cO.3(.c..ADb.wA......SL..g.......^.0....u...#....$.....3>..h..?...m}.5..../8..w.!....2fE.........b}......y"._.$.......3^....t0.......w.]'q.k.|...'n.zS...%..S.z.^.%..o.u..7.N.*...X...~@^.M.|./._.$.2<.2X.#...|N....qN.c...C..0.../..IH..G...9..9.....s}FX...........n=.F..8u..s.iG.J.,.b}....a.Q...h...6.o.x.7......D.......U.....3..h.X....S_..B...1..:..N...\/./...'N..C~....w?.?.o...L.g.F.'5h..Ih..(/#p..E.Zz.....n.......6..J...i...<g.8..;.y...6.?~....".........`'.y..z......q$....lo.':.G?..0.3.F....}}...y.I..@.L.9D^j.

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1F9A2441.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x450, components 3
                                                            Category:dropped
                                                            Size (bytes):61958
                                                            Entropy (8bit):7.964360409013149
                                                            Encrypted:false
                                                            SSDEEP:1536:dfxSL1SxVkknumQ5B3OT9ryclk4zxllaI8P5YKLsIRr+YL:5ARUkknbQ5Y9rycbzXkP5M0L
                                                            MD5:EC573B4C3D40E487E5562A3A097883ED
                                                            SHA1:19DE0EED0A61CA6077C8BAC41ABEE5B523C9C47B
                                                            SHA-256:5A07BC4A30B6CEC23226C3C4B9F0B6E026D654016410C03B421A9CCBF05BAFF0
                                                            SHA-512:FA40A045864FE73F6023AA0608DACE1698CADE887E9AB2DCA48D7E3DE250E9E14A958B5AD6E52ADB4DC2A8F39DCC12A87ACC10B5ACA414C13AEAD3EEBBBDBFDB
                                                            Malicious:false
                                                            Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........ .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...WU.WX.Q.].....7...S....!w.....h..3}.._...F....%..mK.........mK.........N.E..mK.........mK.........E..?../..].......?../..]........E; ...k._........4.kj_........5N.v@\....!w.....h....!w.....j........B....7.......B....7..:)..s.[R.......o..[R.......o.tQd"......A......G.....A......T.d...mK.........mK........R.d2......A......K.....B....7..*)..w.[R.......o..[R..

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\21CD0FBF.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:PNG image data, 1300 x 500, 8-bit/color RGBA, non-interlaced
                                                            Category:modified
                                                            Size (bytes):459388
                                                            Entropy (8bit):7.9971500140993435
                                                            Encrypted:true
                                                            SSDEEP:12288:o+vdnYLZuyl1wVo1S3Ub9fBd2HOFxI0PeY:5vd4lCEJTDq0Pf
                                                            MD5:CCC79D9EBF8E573716F06285B02416A2
                                                            SHA1:7791E0D6E3EDBD2E23BEA5563F3047E4734C76E5
                                                            SHA-256:2C98B28E30ACF416827DF0EB49CEC109B6134CBBF60E653A743F48877732F499
                                                            SHA-512:798E860802E8B0E2B2E3CA976AF9A900B02E7685277F291E8EED5A26F2A56C5CE159CC08B0956458AFF77422C9E19B119693513318F5A89636515E4304D5E02E
                                                            Malicious:false
                                                            Preview:.PNG........IHDR.............L.y....pHYs...%...%.IR$.....sRGB.........gAMA......a.....IDATx..}...E...I.........H.'...oH<..(..L..+.....( .....u=I.7H..c..oE...x.rC..........:.k.._h......|....)d..R........(X.,.bX"|3...]..F.i.a..1m9.fe..,e.$,.d.x.Ms...w.._.S........u.c$.O......H..*..S...\..a.7*...b.....*..s.)...{.._U.>.k..lA..i.3.Q.^.y.0...J....l........].t?.........S.#.%i...uld..>..f....||.............S}A....(.l..mO..B..j..i.....8....ZG,..'.g...1...X.>....i...K..lb..r.).....W..Ad..Z2..4..]..,>...!E.*......$......!.:..Z"...T;.=..).B.|-6.[.......m.m....XJ4.Plh.#......0../U....A,..0~p.T.n+..~l.Y^)}W.._..|zln1L9O&.Q..M..\6Y..'..2OTSr..u.aK...}...K9...Fd....i_5FrDhS(..G.>.v.P...-x&......mW..a..g...7..%..5.....U....\.u..]..$Y...._...^k...2...3.P..+.v.7<.g.\.....f...wG..Ca..EQ.UiYv..T.8.....w.Q/.&P...Za....M.e...q.E~.........B..7d..Xt.G.r......}.....F.$(.h.SD..Ck.E{..*..f..v.8............R.....M...t.E.P.v1}.....T.rj......L.S.C..J.... 5......+...ef..1d.

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\35C2B587.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.3 (Windows), datetime=2024:10:17 16:41:09], baseline, precision 8, 30x30, components 3
                                                            Category:dropped
                                                            Size (bytes):12486
                                                            Entropy (8bit):6.24442614314078
                                                            Encrypted:false
                                                            SSDEEP:192:obrQy4FGCv1kn2Trk6YNMtKw0kfKnvB9fwzP:E7Cen2To6YNg70kyvBEP
                                                            MD5:4FFABC344F5A85A8C4D21598CE13F966
                                                            SHA1:8E1AFF67F191D31B2158F033E4CC1EB7DC95CE85
                                                            SHA-256:D04F23F714BE1088FD886495072A38BA019247E16F419F65C5F225081A9A02B3
                                                            SHA-512:E1EE53AECB31BDD8520BFAE69703CDE0EF986E3AED6C84508B4B93C8B124EF0A0CBA269761538C6CDF90C9AFE44AC8D6D2B07669331648C02324B0384D3BB994
                                                            Malicious:false
                                                            Preview:......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............-....'..-....'.Adobe Photoshop 25.3 (Windows).2024:10:17 16:41:09........................................................................."...........*.(.....................2...........G.......H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..S.[.rC.=B..Y>."..-......{v.>..}.f....Uj^r.......S.~.......Photoshop 3.0.8BIM.%......................8BIM.:....................printOutput........PstSbool

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\35C3250B.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:GIF image data, version 89a, 1 x 1
                                                            Category:dropped
                                                            Size (bytes):49
                                                            Entropy (8bit):3.3411789203978737
                                                            Encrypted:false
                                                            SSDEEP:3:CUyGllDxs9h/:QGldxU/
                                                            MD5:4408EFC0174F07AD685C456F1DE521CA
                                                            SHA1:E3BC3250F8F32BD98DC7B05FD8940B74617EB8D1
                                                            SHA-256:D1371FEB0512D700CF724B05A588CE79F8D8DFBB0991AE5F45ECD3AB08983A38
                                                            SHA-512:8579BA805C132C91CFFED4E0B77331DBB57BE57D84F063B12D5055D9D0653F733E55B7B92715D33D487FD4F202FD3572B02CFD63187722340714BFA936AF0AD9
                                                            Malicious:false
                                                            Preview:GIF89a...................!.......,...........D..;

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8613E540.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:GIF image data, version 89a, 1 x 1
                                                            Category:dropped
                                                            Size (bytes):49
                                                            Entropy (8bit):3.3411789203978737
                                                            Encrypted:false
                                                            SSDEEP:3:CUyGllDxs9h/:QGldxU/
                                                            MD5:4408EFC0174F07AD685C456F1DE521CA
                                                            SHA1:E3BC3250F8F32BD98DC7B05FD8940B74617EB8D1
                                                            SHA-256:D1371FEB0512D700CF724B05A588CE79F8D8DFBB0991AE5F45ECD3AB08983A38
                                                            SHA-512:8579BA805C132C91CFFED4E0B77331DBB57BE57D84F063B12D5055D9D0653F733E55B7B92715D33D487FD4F202FD3572B02CFD63187722340714BFA936AF0AD9
                                                            Malicious:false
                                                            Preview:GIF89a...................!.......,...........D..;

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8F9EBD4E.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:PNG image data, 1300 x 500, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):459388
                                                            Entropy (8bit):7.9971500140993435
                                                            Encrypted:true
                                                            SSDEEP:12288:o+vdnYLZuyl1wVo1S3Ub9fBd2HOFxI0PeY:5vd4lCEJTDq0Pf
                                                            MD5:CCC79D9EBF8E573716F06285B02416A2
                                                            SHA1:7791E0D6E3EDBD2E23BEA5563F3047E4734C76E5
                                                            SHA-256:2C98B28E30ACF416827DF0EB49CEC109B6134CBBF60E653A743F48877732F499
                                                            SHA-512:798E860802E8B0E2B2E3CA976AF9A900B02E7685277F291E8EED5A26F2A56C5CE159CC08B0956458AFF77422C9E19B119693513318F5A89636515E4304D5E02E
                                                            Malicious:false
                                                            Preview:.PNG........IHDR.............L.y....pHYs...%...%.IR$.....sRGB.........gAMA......a.....IDATx..}...E...I.........H.'...oH<..(..L..+.....( .....u=I.7H..c..oE...x.rC..........:.k.._h......|....)d..R........(X.,.bX"|3...]..F.i.a..1m9.fe..,e.$,.d.x.Ms...w.._.S........u.c$.O......H..*..S...\..a.7*...b.....*..s.)...{.._U.>.k..lA..i.3.Q.^.y.0...J....l........].t?.........S.#.%i...uld..>..f....||.............S}A....(.l..mO..B..j..i.....8....ZG,..'.g...1...X.>....i...K..lb..r.).....W..Ad..Z2..4..]..,>...!E.*......$......!.:..Z"...T;.=..).B.|-6.[.......m.m....XJ4.Plh.#......0../U....A,..0~p.T.n+..~l.Y^)}W.._..|zln1L9O&.Q..M..\6Y..'..2OTSr..u.aK...}...K9...Fd....i_5FrDhS(..G.>.v.P...-x&......mW..a..g...7..%..5.....U....\.u..]..$Y...._...^k...2...3.P..+.v.7<.g.\.....f...wG..Ca..EQ.UiYv..T.8.....w.Q/.&P...Za....M.e...q.E~.........B..7d..Xt.G.r......}.....F.$(.h.SD..Ck.E{..*..f..v.8............R.....M...t.E.P.v1}.....T.rj......L.S.C..J.... 5......+...ef..1d.

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\93BB04A.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.3 (Windows), datetime=2024:10:17 16:41:54], baseline, precision 8, 30x30, components 3
                                                            Category:dropped
                                                            Size (bytes):13059
                                                            Entropy (8bit):6.360403344328425
                                                            Encrypted:false
                                                            SSDEEP:192:yirQy4FGCzYknErk6YNMtKw0kfKor6DU+UFEYk2:Z7CfnEw6YNg70kyKU4I2
                                                            MD5:10006604367F5482701521BFD6B44F00
                                                            SHA1:C4F77BB7F0344B0D8A4F010CDC2D792CDD24F3C2
                                                            SHA-256:41D8940549F52B01F433C4FF3278FBA8015915EE00AD41FD87751279C55907CC
                                                            SHA-512:B0A47897A8097BF553594B5EE7C368A4E03C36A8F8EE7E663A45EE5FA2DD2F20F9F472453C2FEED0474BD0D63C0F99C87954139BE47ACEC1314E5123219AA89C
                                                            Malicious:false
                                                            Preview:.....tExif..MM.*.............................b...........j.(...........1.........r.2...........i...............-....'..-....'.Adobe Photoshop 25.3 (Windows).2024:10:17 16:41:54........................................................................."...........*.(.....................2...........:.......H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......;..w:l.k/w...g.6zi/.Ini_..p<.../q......Photoshop 3.0.8BIM.%......................8BIM.:....................printOutput........PstSbool.....Inteenum

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\9CE96F25.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.3 (Windows), datetime=2024:10:17 16:41:09], baseline, precision 8, 30x30, components 3
                                                            Category:dropped
                                                            Size (bytes):12486
                                                            Entropy (8bit):6.24442614314078
                                                            Encrypted:false
                                                            SSDEEP:192:obrQy4FGCv1kn2Trk6YNMtKw0kfKnvB9fwzP:E7Cen2To6YNg70kyvBEP
                                                            MD5:4FFABC344F5A85A8C4D21598CE13F966
                                                            SHA1:8E1AFF67F191D31B2158F033E4CC1EB7DC95CE85
                                                            SHA-256:D04F23F714BE1088FD886495072A38BA019247E16F419F65C5F225081A9A02B3
                                                            SHA-512:E1EE53AECB31BDD8520BFAE69703CDE0EF986E3AED6C84508B4B93C8B124EF0A0CBA269761538C6CDF90C9AFE44AC8D6D2B07669331648C02324B0384D3BB994
                                                            Malicious:false
                                                            Preview:......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............-....'..-....'.Adobe Photoshop 25.3 (Windows).2024:10:17 16:41:09........................................................................."...........*.(.....................2...........G.......H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..S.[.rC.=B..Y>."..-......{v.>..}.f....Uj^r.......S.~.......Photoshop 3.0.8BIM.%......................8BIM.:....................printOutput........PstSbool

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A70C41C9.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):3150
                                                            Entropy (8bit):7.349791361280717
                                                            Encrypted:false
                                                            SSDEEP:96:tknmWIkelhd8HLjHYJTM4yZydWdCAflQVb5J5ddB1:tknXrjccdTKVr3dB1
                                                            MD5:D105CA1E1CDE941FEA3029A290D8E23C
                                                            SHA1:1299426414F93CB3C7B6B1A7B642541260F105D7
                                                            SHA-256:AA70E20C13A48F26561A574518097030DDBC062B670C65E5B05F21F845F32625
                                                            SHA-512:1EBB8061C34B895E15CD42287200ADD2971F1F8C5086948A2CA0E14D6811CA834ED395284B8D90D0CD4555CE285F2D502152CE19BB806A1137F9D3D66EB9E942
                                                            Malicious:false
                                                            Preview:.PNG........IHDR.............;0......pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 25.3 (Windows)" xmp:CreateDate="2024-10-22T10:49:13+03:00" xmp:ModifyDate="2024-10-22T10:57:02+03:00" xmp:MetadataDate="2024-10-22T10:57:02+03:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:4edaaf00-0083-5c4d-86ed-01b9220dcd9f" xmpMM:DocumentID="adobe:docid:photoshop:1de76145-c2cf-b347-af25-11a7696276d9" xmpMM:OriginalDocumentID="xmp.did:26424f

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B6A4CE51.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:PNG image data, 961 x 58, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):37246
                                                            Entropy (8bit):7.926870321085284
                                                            Encrypted:false
                                                            SSDEEP:768:eEseq+NIpUu3UmM7y/gZb984iCqpvN2iOdmCA8w:e8NipUu3UmYy/gJAVCmYw
                                                            MD5:BDEAB1E6E59F6240E1B87972614D76E4
                                                            SHA1:304FE8DD4AF0728CB2BECABC20F89844D8FFB33A
                                                            SHA-256:3C786630CD085BB900CEB4DF0BCD62F39C63319B13AB345C42CA6BED9A38769B
                                                            SHA-512:4D065CA937F08198ED63C73E111F8D9D62B2D89444A9E9FBC7C0C8D0627E8649CE8529EE07AB9895E061C14BF2900B749C2344FC9F46C0D7CD383A52DE171AF5
                                                            Malicious:false
                                                            Preview:.PNG........IHDR.......:.......[G....sRGB.........gAMA......a.....pHYs...t...t..f.x..._iTXtSnipMetadata.....{"clipPoints":[{"x":0,"y":0},{"x":961,"y":0},{"x":961,"y":59},{"x":0,"y":59}]}..K.....IDATx^..i.,..%.U.z......!D@!...D..?..........t2u......0=:.Ss.......O?..;.......?.......TG.)./6t<....G.......~NW.8.....WD.9...u~....KE....<....$.....;....^.i..1NP...'.Y:...s.ad...}.....).~.... ...Fe.5.x@....\:..c..25v}s.eQ.%B.H.....9...6..].5p....7....qb..cO.3(.c..ADb.wA......SL..g.......^.0....u...#....$.....3>..h..?...m}.5..../8..w.!....2fE.........b}......y"._.$.......3^....t0.......w.]'q.k.|...'n.zS...%..S.z.^.%..o.u..7.N.*...X...~@^.M.|./._.$.2<.2X.#...|N....qN.c...C..0.../..IH..G...9..9.....s}FX...........n=.F..8u..s.iG.J.,.b}....a.Q...h...6.o.x.7......D.......U.....3..h.X....S_..B...1..:..N...\/./...'N..C~....w?.?.o...L.g.F.'5h..Ih..(/#p..E.Zz.....n.......6..J...i...<g.8..;.y...6.?~....".........`'.y..z......q$....lo.':.G?..0.3.F....}}...y.I..@.L.9D^j.

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\CA766D36.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x450, components 3
                                                            Category:dropped
                                                            Size (bytes):61958
                                                            Entropy (8bit):7.964360409013149
                                                            Encrypted:false
                                                            SSDEEP:1536:dfxSL1SxVkknumQ5B3OT9ryclk4zxllaI8P5YKLsIRr+YL:5ARUkknbQ5Y9rycbzXkP5M0L
                                                            MD5:EC573B4C3D40E487E5562A3A097883ED
                                                            SHA1:19DE0EED0A61CA6077C8BAC41ABEE5B523C9C47B
                                                            SHA-256:5A07BC4A30B6CEC23226C3C4B9F0B6E026D654016410C03B421A9CCBF05BAFF0
                                                            SHA-512:FA40A045864FE73F6023AA0608DACE1698CADE887E9AB2DCA48D7E3DE250E9E14A958B5AD6E52ADB4DC2A8F39DCC12A87ACC10B5ACA414C13AEAD3EEBBBDBFDB
                                                            Malicious:false
                                                            Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........ .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...WU.WX.Q.].....7...S....!w.....h..3}.._...F....%..mK.........mK.........N.E..mK.........mK.........E..?../..].......?../..]........E; ...k._........4.kj_........5N.v@\....!w.....h....!w.....j........B....7.......B....7..:)..s.[R.......o..[R.......o.tQd"......A......G.....A......T.d...mK.........mK........R.d2......A......K.....B....7..*)..w.[R.......o..[R..

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D4C062E2.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.3 (Windows), datetime=2024:10:17 16:41:54], baseline, precision 8, 30x30, components 3
                                                            Category:dropped
                                                            Size (bytes):13059
                                                            Entropy (8bit):6.360403344328425
                                                            Encrypted:false
                                                            SSDEEP:192:yirQy4FGCzYknErk6YNMtKw0kfKor6DU+UFEYk2:Z7CfnEw6YNg70kyKU4I2
                                                            MD5:10006604367F5482701521BFD6B44F00
                                                            SHA1:C4F77BB7F0344B0D8A4F010CDC2D792CDD24F3C2
                                                            SHA-256:41D8940549F52B01F433C4FF3278FBA8015915EE00AD41FD87751279C55907CC
                                                            SHA-512:B0A47897A8097BF553594B5EE7C368A4E03C36A8F8EE7E663A45EE5FA2DD2F20F9F472453C2FEED0474BD0D63C0F99C87954139BE47ACEC1314E5123219AA89C
                                                            Malicious:false
                                                            Preview:.....tExif..MM.*.............................b...........j.(...........1.........r.2...........i...............-....'..-....'.Adobe Photoshop 25.3 (Windows).2024:10:17 16:41:54........................................................................."...........*.(.....................2...........:.......H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......;..w:l.k/w...g.6zi/.Ini_..p<.../q......Photoshop 3.0.8BIM.%......................8BIM.:....................printOutput........PstSbool.....Inteenum

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F556E6B4.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):3150
                                                            Entropy (8bit):7.349791361280717
                                                            Encrypted:false
                                                            SSDEEP:96:tknmWIkelhd8HLjHYJTM4yZydWdCAflQVb5J5ddB1:tknXrjccdTKVr3dB1
                                                            MD5:D105CA1E1CDE941FEA3029A290D8E23C
                                                            SHA1:1299426414F93CB3C7B6B1A7B642541260F105D7
                                                            SHA-256:AA70E20C13A48F26561A574518097030DDBC062B670C65E5B05F21F845F32625
                                                            SHA-512:1EBB8061C34B895E15CD42287200ADD2971F1F8C5086948A2CA0E14D6811CA834ED395284B8D90D0CD4555CE285F2D502152CE19BB806A1137F9D3D66EB9E942
                                                            Malicious:false
                                                            Preview:.PNG........IHDR.............;0......pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 25.3 (Windows)" xmp:CreateDate="2024-10-22T10:49:13+03:00" xmp:ModifyDate="2024-10-22T10:57:02+03:00" xmp:MetadataDate="2024-10-22T10:57:02+03:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:4edaaf00-0083-5c4d-86ed-01b9220dcd9f" xmpMM:DocumentID="adobe:docid:photoshop:1de76145-c2cf-b347-af25-11a7696276d9" xmpMM:OriginalDocumentID="xmp.did:26424f

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{2277350A-F30D-4146-AE96-FA5C96F690A4}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.03351732319703582
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lG:40
                                                            MD5:830FBF83999E052538EAF156AB6ECB17
                                                            SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                            SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                            SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{2507E2E6-7557-462C-B340-A41814BCDBB1}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.03351732319703582
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lG:40
                                                            MD5:830FBF83999E052538EAF156AB6ECB17
                                                            SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                            SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                            SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{31A38F12-09AF-42A9-815A-3523449BFA78}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.03351732319703582
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lG:40
                                                            MD5:830FBF83999E052538EAF156AB6ECB17
                                                            SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                            SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                            SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{3FAF8EDB-2B22-43EF-A1E4-D63D94D8A97E}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.03351732319703582
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lG:40
                                                            MD5:830FBF83999E052538EAF156AB6ECB17
                                                            SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                            SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                            SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{742AB048-9FA4-44B0-BE96-C66F43041D42}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.03351732319703582
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lG:40
                                                            MD5:830FBF83999E052538EAF156AB6ECB17
                                                            SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                            SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                            SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9055459F-3340-468A-BB41-B1456AADD1C5}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.03351732319703582
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lG:40
                                                            MD5:830FBF83999E052538EAF156AB6ECB17
                                                            SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                            SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                            SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C12CDA22-B387-4A1A-A324-7FEFDC69AB4C}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.03351732319703582
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lG:40
                                                            MD5:830FBF83999E052538EAF156AB6ECB17
                                                            SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                            SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                            SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C277272F-979A-4C08-AC10-96CE14551EB5}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):46224
                                                            Entropy (8bit):4.330554354389018
                                                            Encrypted:false
                                                            SSDEEP:768:TJ2KaoiqBHWSuflBRqavwMJsOiUwM0nwM/Aa:dPB7aBRqajsOwAa
                                                            MD5:41302D8A6620F30F7CF2725A156E8445
                                                            SHA1:DAE0F51DC5B57EE9B8BCAA42ED76CC4732991897
                                                            SHA-256:372FBEEF8A7E574BC0194B519879218F2C147187D9848145DFFEE2187A83CFF9
                                                            SHA-512:6CDF1AD32970F9024A0D904A5D59B87AC7D5CBF5D79D3084FB992209F618DDD90A27AAEC3708E845B39A78CA0F1EF5BCFDED7D7637180AB2FF261C90A1EA13EB
                                                            Malicious:false
                                                            Preview:....C.A.U.T.I.O.N.:. .T.h.i.s. .e.m.a.i.l. .i.s. .o.r.i.g.i.n.a.t.e.d. .f.r.o.m. .a.n. .E.x.t.e.r.n.a.l. .A.d.d.r.e.s.s... .D.o. .n.o.t. .v.i.s.i.t. .t.h.e. .l.i.n.k.s. .o.r. .o.p.e.n. .a.t.t.a.c.h.m.e.n.t.s. .u.n.l.e.s.s. .y.o.u. .r.e.c.o.g.n.i.z.e. .t.h.e. .S.e.n.d.e.r....... ..................................................................................................................................................................................................................................................................... ..."...$...&...(................... ..."...$............................................................................................................................................................................................................................................................$..d....a$...(..$..d............9D..[$.\$.a$......d....*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4........a.........d............$..d..

                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FF88447E-D852-45A0-AEE2-B54B8FCFD0AC}.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1024
                                                            Entropy (8bit):0.03351732319703582
                                                            Encrypted:false
                                                            SSDEEP:3:ol3lG:40
                                                            MD5:830FBF83999E052538EAF156AB6ECB17
                                                            SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                            SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                            SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730177790892622900_BF56DEDC-95C9-4FCA-A7EC-ACA9E7C039D0.log

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:ASCII text, with very long lines (859), with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):20971520
                                                            Entropy (8bit):0.044121887716539215
                                                            Encrypted:false
                                                            SSDEEP:1536:/hiUTodNjHg1Vpz5chHMlAxvDj1/tdIp34GEQ3gbF60BQYBeqiGRsJFBG5tjvG1w:pj7UXmKHO
                                                            MD5:1D2487002B40B955C1AF8FA4443DC81A
                                                            SHA1:06E63FF1A284D5C8709178480AB5C46ACF5B6979
                                                            SHA-256:C15DDFE0F7A6A8AF30D021C34156A6B0F2626D54148E1D511EC2BCBE9D3601B1
                                                            SHA-512:790C8C556FBC4884BA165C12F22959BE2A2B02B2DBC2CE2A574BCDC93ABB16E7A0B12A983C9DF9FB12BCD10F5A4FCAC517262DA63B8584C9AAB0BE7B73E58657
                                                            Malicious:false
                                                            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/29/2024 04:56:30.997.OUTLOOK (0x1D90).0x1D94.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-10-29T04:56:30.997Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"00239E13-E5CC-4AF4-8354-1ED0F70BC674","Data.PreviousSessionInitTime":"2024-10-29T04:56:07.596Z","Data.PreviousSessionUninitTime":"2024-10-29T04:56:10.831Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/29/2024 04:56:31.247.OUTLOOK (0x1D90).0x1E78.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":24

                                                            C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730177790893453100_BF56DEDC-95C9-4FCA-A7EC-ACA9E7C039D0.log

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):20971520
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3::
                                                            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                            Malicious:false
                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241029T0056290232-7568.etl

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):135168
                                                            Entropy (8bit):4.696371554880979
                                                            Encrypted:false
                                                            SSDEEP:768:4oQT+Q0z2hd4TamXtgg92lDiWhaybuQbNXUSvjSi1EfBrURqwoj1Z68XrWO2Wv4Q:0X4jtf92ldayRXsfBHwo5Z6cdnaYoC
                                                            MD5:947F11EEEF944B2D1B86440B850BBA08
                                                            SHA1:0B18028E857B0A0524E41D287407AC43C71630DC
                                                            SHA-256:522A5E191E86E0AB74EF760653AE0A64D5F37C8A9354B94CCB9DC867D9E2221A
                                                            SHA-512:920ED7FE554B1D8C940D78DCD25A4CFD0B5CC8A3F2B04A32399076BDA0DB0339DACEE1C718805AE16AFEB6BF8072493E3DE5CAF82BFFDC3DFC1B08458787364C
                                                            Malicious:false
                                                            Preview:............................................................................h..............)..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................=.W..............)..........v.2._.O.U.T.L.O.O.K.:.1.d.9.0.:.3.6.4.6.9.3.4.7.a.d.5.8.4.0.0.1.9.f.1.4.b.d.1.9.f.6.5.c.b.9.d.1...C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.2.9.T.0.0.5.6.2.9.0.2.3.2.-.7.5.6.8...e.t.l.......P.P.........^s..)..................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):538855
                                                            Entropy (8bit):5.985611546939723
                                                            Encrypted:false
                                                            SSDEEP:6144:P2GLCvR09RWfMPhmz2aeUvRa9dBHrsjdjQo2z9nuWoJI:PJ4R09RWohmz2aj2dVmQo2MWkI
                                                            MD5:41C12E2662B97D838212D7CEF4916EB9
                                                            SHA1:C9371BC87158CA0CB806B8C76F53672345360A5B
                                                            SHA-256:6A557A711D1FFA9580366E2D63146D6175BC01AF89012C395EE220136DD6F1D5
                                                            SHA-512:42352B674D5C8642A88376A5AB81F91A6984F38B1E86D271CBC0CCC05F6D9066EDB5C0089CA345D37D2171C016E44A5EDA6DA415481883D61F7A32E0F1D81976
                                                            Malicious:false
                                                            Preview:RNWPREP...A..<.l.........8.......Z..hDBx.3]G}.........*..(...Y@...P.Q.....uY|.8.......$S.,..`......L`.....$S...`VY.....L`.....M.Rb.................c.@........... ....Qb........vC..`t.....Qb... ....Zo..`.....D..Qb.@SN....Sg..`.....D..Qb".......jn..`.....D..Qb:.2f....Kc..`F....D..QbR.O.....Jp..`......QbR@3y....WS..`.....D..Qbb@.}....Yu..`......Qbb.CQ....zb..`.....D..Qbn.......Do..`......Qbr.~V....bw..`.....D..Qb.......oi..`......Qb.......dp..`......Qb........Yc..`R.....Qb..1.....vy..`......Qb..Y.....CC..`......Qb..'~....nl..`(....D..Qb.......YC..`......Qb........bb..`d....D..Qb.@.?....fb..`......Qb.......Ef..`.....D..Qb.@.....fk..`......Qb.AX....yM..`.....D..Qb..&.....ec..`.....D..Qb..J.....yc..`8....D..Qb..P.....ub..`......Qb"..x....yt..`.....D..Qb2.9.....ea..`.....D..Qb:..d....so..`......Qb>.......wd..`.....D..QbV..|....Bh..`r....D..Qb^A.S....Ug..`.....D..QbrA......Jt..`h....D..QbzA......jC..`.....D..Qb..e.....bC..`.....D..Qb.AO+....$c..``....D..Qb.A......F_..`.....D..Qb..:..

                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):30
                                                            Entropy (8bit):1.2389205950315936
                                                            Encrypted:false
                                                            SSDEEP:3:vUnhv:Mnh
                                                            MD5:B440B562DA05E2330FD087D64A551AA3
                                                            SHA1:CDB5A44E6028D2F9BAFE74A3F7AD05CEE412CA7C
                                                            SHA-256:8B0FB146FA9CDF43F0F72959FB9A5B938AA3C411FF02CBAF8ECC86A9C4B043FA
                                                            SHA-512:4F2C9862FE9A9A66B2BA1C31E5728BA657429D5FFFE67FC9AF741C8228BFEC7DFA41E314E2154C756D5F3E83C4B7A65737F52B30A03C803D1C18013B90DCF9AE
                                                            Malicious:false
                                                            Preview:.....1........................

                                                            C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                            Category:dropped
                                                            Size (bytes):16384
                                                            Entropy (8bit):0.6707700917570396
                                                            Encrypted:false
                                                            SSDEEP:12:rl3baFGqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCk6xhj:rwmnq1Py961k6xV
                                                            MD5:046C406F94948BA0277EB50BC5D51156
                                                            SHA1:A1D385EB389C035824DE7ECA0B81EA856179827F
                                                            SHA-256:019F75F0C3B0CECB26467E2473B9D5838BD8F1CAF889CFB8D9E06CB5EB9BDB25
                                                            SHA-512:87766E81087FE75DCA7DEF7A64F9D3BB4C349F022E65D2C25C7ECFC0C777D1BE9EE8027ADB03E6F18E2481219542F0FFB5118F4746C5921FA0C627C6279F114D
                                                            Malicious:false
                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:Microsoft Outlook email folder (>=2003)
                                                            Category:dropped
                                                            Size (bytes):271360
                                                            Entropy (8bit):5.051534244242796
                                                            Encrypted:false
                                                            SSDEEP:3072:g8pJETnkUdMTF2mVvj6a9V6xpjDrwEFpj:okUdnQzD6xBwEF
                                                            MD5:A09B5BEA8E9378FA6497519286DC91AF
                                                            SHA1:3AA5AD708FBEC36E25041574EEB82094B346CAF2
                                                            SHA-256:429F4EC6AD9DFBB97070B989EA3DCB86473FE59138EF51E143A54EF5FE0B95D6
                                                            SHA-512:E968EC033C93B5723BB1ACEC868CCE95EE5C69D1C1E8574696E60BC5AA9BC80EBBB02B48DBCEC9ED93D3C00ECA8972995DC52B4BA988D8A9F4AE70B2BFEA75E5
                                                            Malicious:false
                                                            Preview:!BDNy'%USM......\...............y.......c................@...........@...@...................................@...........................................................................$.......D......................u...............x...................................................................................................................................................................................................................................................................................................'..~$T......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                            Download File
                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):262144
                                                            Entropy (8bit):4.554522763654031
                                                            Encrypted:false
                                                            SSDEEP:1536:TOW53jEpEHPVQ10BAwr1pOzLfGokzJ3QNBZTF2t3Ujw/99wwFFOMcq1emp0HBzR+:opjqOvTkgBZTF2tvvw6cGpjAtB4r
                                                            MD5:0999578F0A3F858A2C9F70D12F2D881E
                                                            SHA1:D64E367A6600C0AD5673A71BD1F2BC66ACB8E152
                                                            SHA-256:CA1470EC485FAABA928EC4650DCA07E673CEDE557429AB6E45264C8F1251E21A
                                                            SHA-512:DE61F0BCB64F3EB16A425D33D810EC76C1D2730662280696E6880C219BE5ED1904A9091C6C69ED21DDD1C8F5513C93F903C3B760EA9FD2AFDAF53FC25C31A781
                                                            Malicious:false
                                                            Preview:g]..0..................).......D............#..............}..............................................|......................................................................................................................................................................................................................................................................................................................................................................................................................................................../.[.D.......8An0..................).......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                                            Static File Info

                                                            General

                                                            File type:RFC 822 mail, ASCII text, with very long lines (1901), with CRLF line terminators
                                                            Entropy (8bit):5.694411990199126
                                                            TrID:
                                                            • E-Mail message (Var. 5) (54515/1) 100.00%
                                                            File name:phish_alert_sp2_2.0.0.0.eml
                                                            File size:112'926 bytes
                                                            MD5:e88ef66db0525f116b698a6152bbfcbe
                                                            SHA1:b9a6e6351e0556a2c7b015d34a8292fec8a50459
                                                            SHA256:37b071611c213cc53447bb1b3d1f2e00c4017a2be13756bfb6ed8a6c49e4c275
                                                            SHA512:51748215b0cbc6273438ea642c0dc01bf6584b49cc2646cc07d5ffa3cd329cf318d8191394efea8c3226e03c8dde9fc71d559fb3649273380420f0bf501f0727
                                                            SSDEEP:1536:zXkjOE+AqJHyKHhgQz3KJnK/hDaHA4eeae1ReeC9JeeNSeeRYeeueWGeegeIteGl:GJnNB
                                                            TLSH:CDB3E72197C06192A177CE91F05376FCB6740D6D97E32AB4E423A735DD8ECA22311BAC
                                                            File Content Preview:Received: from DX0P273MB1268.AREP273.PROD.OUTLOOK.COM.. (2603:1086:300:45::10) by AU2P273MB0355.AREP273.PROD.OUTLOOK.COM with.. HTTPS; Mon, 28 Oct 2024 11:51:50 +0000..Received: from DX1P273CA0002.AREP273.PROD.OUTLOOK.COM (2603:1086:300:21::7).. by DX0P27

                                                            Static Mail

                                                            General

                                                            Subject:Invitation to Netways Exclusive Event for UAE Government Leaders: New Era of Automation Leveraging D365 (AI & Copilot)
                                                            From:Netways UAE <UAEPresales@netways.com>
                                                            To:Saeed Hussain Ahli <Saeed.Ahli@dubaiculture.ae>
                                                            Cc:
                                                            BCC:
                                                            Date:Mon, 28 Oct 2024 11:50:05 +0000
                                                            Communications:
                                                            • Invitation to Netways Exclusive Event for UAE Government Leaders: New Era of Automation Leveraging D365 (AI & Copilot)CAUTION: This email is originated from an External Address. Do not visit the links or open attachments unless you recognize the Sender.Register now and secure your spot! View in browser Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards,Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us Invitation to Netways Exclusive Event for UAE Government Leaders: New Era of Automation Leveraging D365 (AI & Copilot) Invitation to Netways Exclusive Event for UAE Government Leaders: New Era of Automation Leveraging D365 (AI & Copilot) .wrapper{width:100%}#outlook a{padding:0}body{width:100%!important;min-width:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;margin:0;Margin:0;padding:0;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}.ExternalClass{width:100%}.ExternalClass,.ExternalClass div,.ExternalClass font,.ExternalClass p,.ExternalClass span,.ExternalClass td{line-height:100%}#backgroundTable{margin:0;Margin:0;padding:0;width:100%!important;line-height:100%!important}img{outline:0;text-decoration:none;-ms-interpolation-mode:bicubic;width:auto;max-width:100%;clear:both;display:block}center{width:100%;min-width:600px}a img{border:none}p{margin:0 0 0 10px;Margin:0 0 0 10px}table{border-spacing:0;border-collapse:collapse}td{word-wrap:break-word;-webkit-hyphens:auto;-moz-hyphens:auto;hyphens:auto;border-collapse:collapse!important}table,td,tr{padding:0;vertical-align:top;text-align:left}@media only screen{html{min-height:100%;background:#f3f3f3}}table.body{background:#f3f3f3;height:100%;width:100%}table.container{background:#fefefe;width:600px;margin:0 auto;Margin:0 auto;text-align:inherit}table.row{padding:0;width:100%;position:relative}table.container table.row{display:table}td.column,td.columns,th.column,th.columns{margin:0 auto;Margin:0 auto;padding-left:16px;padding-bottom:16px}td.column.last,td.columns.last,th.column.last,th.columns.last{padding-right:16px}td.column table,td.columns table,th.column table,th.columns table{width:100%}td.large-1,th.large-1{width:34px;padding-left:8px;padding-right:8px}td.large-1.first,th.large-1.first{padding-left:16px}td.large-1.last,th.large-1.last{padding-right:16px}.collapse>tbody>tr>td.large-1,.collapse>tbody>tr>th.large-1{padding-right:0;padding-left:0;width:50px}.collapse td.large-1.first,.collapse td.large-1.last,.collapse th.large-1.first,.collapse th.large-1.last{width:58px}td.large-2,th.large-2{width:84px;padding-left:8px;padding-right:8px}td.large-2.first,th.large-2.first{padding-left:16px}td.large-2.last,th.large-2.last{padding-right:16px}.collapse>tbody>tr>td.large-2,.collapse>tbody>tr>th.large-2{padding-right:0;padding-left:0;width:100px}.collapse td.large-2.first,.collapse td.large-2.last,.collapse th.large-2.first,.collapse th.large-2.last{width:108px}td.large-3,th.large-3{width:134px;padding-left:8px;padding-right:8px}td.large-3.first,th.large-3.first{padding-left:16px}td.large-3.last,th.large-3.last{padding-right:16px}.collapse>tbody>tr>td.large-3,.collapse>tbody>tr>th.large-3{padding-right:0;padding-left:0;width:150px}.collapse td.large-3.first,.collapse td.large-3.last,.collapse th.large-3.first,.collapse th.large-3.last{width:158px}td.large-4,th.large-4{width:184px;padding-left:8px;padding-right:8px}td.large-4.first,th.large-4.first{padding-left:16px}td.large-4.last,th.large-4.last{padding-right:16px}.collapse>tbody>tr>td.large-4,.collapse>tbody>tr>th.large-4{padding-right:0;padding-left:0;width:200px}.collapse td.large-4.first,.collapse td.large-4.last,.collapse th.large-4.first,.collapse th.large-4.last{width:208px}td.large-5,th.large-5{width:234px;padding-left:8px;padding-right:8px}td.large-5.first,th.large-5.first{padding-left:16px}td.large-5.last,th.large-5.last{padding-right:16px}.collapse>tbody>tr>td.large-5,.collapse>tbody>tr>th.large-5{padding-right:0;padding-left:0;width:250px}.collapse td.large-5.first,.collapse td.large-5.last,.collapse th.large-5.first,.collapse th.large-5.last{width:258px}td.large-6,th.large-6{width:284px;padding-left:8px;padding-right:8px}td.large-6.first,th.large-6.first{padding-left:16px}td.large-6.last,th.large-6.last{padding-right:16px}.collapse>tbody>tr>td.large-6,.collapse>tbody>tr>th.large-6{padding-right:0;padding-left:0;width:300px}.collapse td.large-6.first,.collapse td.large-6.last,.collapse th.large-6.first,.collapse th.large-6.last{width:308px}td.large-7,th.large-7{width:334px;padding-left:8px;padding-right:8px}td.large-7.first,th.large-7.first{padding-left:16px}td.large-7.last,th.large-7.last{padding-right:16px}.collapse>tbody>tr>td.large-7,.collapse>tbody>tr>th.large-7{padding-right:0;padding-left:0;width:350px}.collapse td.large-7.first,.collapse td.large-7.last,.collapse th.large-7.first,.collapse th.large-7.last{width:358px}td.large-8,th.large-8{width:384px;padding-left:8px;padding-right:8px}td.large-8.first,th.large-8.first{padding-left:16px}td.large-8.last,th.large-8.last{padding-right:16px}.collapse>tbody>tr>td.large-8,.collapse>tbody>tr>th.large-8{padding-right:0;padding-left:0;width:400px}.collapse td.large-8.first,.collapse td.large-8.last,.collapse th.large-8.first,.collapse th.large-8.last{width:408px}td.large-9,th.large-9{width:434px;padding-left:8px;padding-right:8px}td.large-9.first,th.large-9.first{padding-left:16px}td.large-9.last,th.large-9.last{padding-right:16px}.collapse>tbody>tr>td.large-9,.collapse>tbody>tr>th.large-9{padding-right:0;padding-left:0;width:450px}.collapse td.large-9.first,.collapse td.large-9.last,.collapse th.large-9.first,.collapse th.large-9.last{width:458px}td.large-10,th.large-10{width:484px;padding-left:8px;padding-right:8px}td.large-10.first,th.large-10.first{padding-left:16px}td.large-10.last,th.large-10.last{padding-right:16px}.collapse>tbody>tr>td.large-10,.collapse>tbody>tr>th.large-10{padding-right:0;padding-left:0;width:500px}.collapse td.large-10.first,.collapse td.large-10.last,.collapse th.large-10.first,.collapse th.large-10.last{width:508px}td.large-11,th.large-11{width:534px;padding-left:8px;padding-right:8px}td.large-11.first,th.large-11.first{padding-left:16px}td.large-11.last,th.large-11.last{padding-right:16px}.collapse>tbody>tr>td.large-11,.collapse>tbody>tr>th.large-11{padding-right:0;padding-left:0;width:550px}.collapse td.large-11.first,.collapse td.large-11.last,.collapse th.large-11.first,.collapse th.large-11.last{width:558px}td.large-12,th.large-12{width:584px;padding-left:8px;padding-right:8px}td.large-12.first,th.large-12.first{padding-left:16px}td.large-12.last,th.large-12.last{padding-right:16px}.collapse>tbody>tr>td.large-12,.collapse>tbody>tr>th.large-12{padding-right:0;padding-left:0;width:600px}.collapse td.large-12.first,.collapse td.large-12.last,.collapse th.large-12.first,.collapse th.large-12.last{width:608px}td.large-1 center,th.large-1 center{min-width:2px}td.large-2 center,th.large-2 center{min-width:52px}td.large-3 center,th.large-3 center{min-width:102px}td.large-4 center,th.large-4 center{min-width:152px}td.large-5 center,th.large-5 center{min-width:202px}td.large-6 center,th.large-6 center{min-width:252px}td.large-7 center,th.large-7 center{min-width:302px}td.large-8 center,th.large-8 center{min-width:352px}td.large-9 center,th.large-9 center{min-width:402px}td.large-10 center,th.large-10 center{min-width:452px}td.large-11 center,th.large-11 center{min-width:502px}td.large-12 center,th.large-12 center{min-width:552px}.body .column td.large-1,.body .column th.large-1,.body .columns td.large-1,.body .columns th.large-1{width:8.33333%}.body .column td.large-2,.body .column th.large-2,.body .columns td.large-2,.body .columns th.large-2{width:16.66667%}.body .column td.large-3,.body .column th.large-3,.body .columns td.large-3,.body .columns th.large-3{width:25%}.body .column td.large-4,.body .column th.large-4,.body .columns td.large-4,.body .columns th.large-4{width:33.33333%}.body .column td.large-5,.body .column th.large-5,.body .columns td.large-5,.body .columns th.large-5{width:41.66667%}.body .column td.large-6,.body .column th.large-6,.body .columns td.large-6,.body .columns th.large-6{width:50%}.body .column td.large-7,.body .column th.large-7,.body .columns td.large-7,.body .columns th.large-7{width:58.33333%}.body .column td.large-8,.body .column th.large-8,.body .columns td.large-8,.body .columns th.large-8{width:66.66667%}.body .column td.large-9,.body .column th.large-9,.body .columns td.large-9,.body .columns th.large-9{width:75%}.body .column td.large-10,.body .column th.large-10,.body .columns td.large-10,.body .columns th.large-10{width:83.33333%}.body .column td.large-11,.body .column th.large-11,.body .columns td.large-11,.body .columns th.large-11{width:91.66667%}.body .column td.large-12,.body .column th.large-12,.body .columns td.large-12,.body .columns th.large-12{width:100%}td.large-offset-1,td.large-offset-1.first,td.large-offset-1.last,th.large-offset-1,th.large-offset-1.first,th.large-offset-1.last{padding-left:66px}td.large-offset-2,td.large-offset-2.first,td.large-offset-2.last,th.large-offset-2,th.large-offset-2.first,th.large-offset-2.last{padding-left:116px}td.large-offset-3,td.large-offset-3.first,td.large-offset-3.last,th.large-offset-3,th.large-offset-3.first,th.large-offset-3.last{padding-left:166px}td.large-offset-4,td.large-offset-4.first,td.large-offset-4.last,th.large-offset-4,th.large-offset-4.first,th.large-offset-4.last{padding-left:216px}td.large-offset-5,td.large-offset-5.first,td.large-offset-5.last,th.large-offset-5,th.large-offset-5.first,th.large-offset-5.last{padding-left:266px}td.large-offset-6,td.large-offset-6.first,td.large-offset-6.last,th.large-offset-6,th.large-offset-6.first,th.large-offset-6.last{padding-left:316px}td.large-offset-7,td.large-offset-7.first,td.large-offset-7.last,th.large-offset-7,th.large-offset-7.first,th.large-offset-7.last{padding-left:366px}td.large-offset-8,td.large-offset-8.first,td.large-offset-8.last,th.large-offset-8,th.large-offset-8.first,th.large-offset-8.last{padding-left:416px}td.large-offset-9,td.large-offset-9.first,td.large-offset-9.last,th.large-offset-9,th.large-offset-9.first,th.large-offset-9.last{padding-left:466px}td.large-offset-10,td.large-offset-10.first,td.large-offset-10.last,th.large-offset-10,th.large-offset-10.first,th.large-offset-10.last{padding-left:516px}td.large-offset-11,td.large-offset-11.first,td.large-offset-11.last,th.large-offset-11,th.large-offset-11.first,th.large-offset-11.last{padding-left:566px}td.expander,th.expander{visibility:hidden;width:0;padding:0!important}.block-grid{width:100%;max-width:600px}.block-grid td{display:inline-block;padding:8px}.up-2 td{width:284px!important}.up-3 td{width:184px!important}.up-4 td{width:134px!important}.up-5 td{width:104px!important}.up-6 td{width:84px!important}.up-7 td{width:69px!important}.up-8 td{width:59px!important}h1.text-center,h2.text-center,h3.text-center,h4.text-center,h5.text-center,h6.text-center,p.text-center,span.text-center,table.text-center,td.text-center{text-align:center}h1.text-left,h2.text-left,h3.text-left,h4.text-left,h5.text-left,h6.text-left,p.text-left,span.text-left{text-align:left}h1.text-right,h2.text-right,h3.text-right,h4.text-right,h5.text-right,h6.text-right,p.text-right,span.text-right{text-align:right}span.text-center{display:block;width:100%;text-align:center}@media only screen and (max-width:616px){.small-float-center{margin:0 auto!important;float:none!important;text-align:center!important}.small-text-center{text-align:center!important}.small-text-left{text-align:left!important}.small-text-right{text-align:right!important}}img.float-left{float:left;text-align:left}img.float-right{float:right;text-align:right}img.float-center,img.text-center{margin:0 auto;Margin:0 auto;float:none;text-align:center}table.float-center,td.float-center,th.float-center{margin:0 auto;Margin:0 auto;float:none;text-align:center}table.body table.container .hide-for-large{display:none;width:0;mso-hide:all;overflow:hidden;max-height:0;font-size:0;width:0;line-height:0}@media only screen and (max-width:616px){table.body table.container .hide-for-large{display:block!important;width:auto!important;overflow:visible!important}}table.body table.container .hide-for-large *{mso-hide:all}@media only screen and (max-width:616px){table.body table.container .row.hide-for-large{display:table!important;width:100%!important}}@media only screen and (max-width:616px){table.body table.container .show-for-large{display:none!important;width:0;mso-hide:all;overflow:hidden}}a,body,h1,h2,h3,h4,h5,h6,p,table.body,td,th{color:#0a0a0a;font-family:Helvetica,Arial,sans-serif;font-weight:400;padding:0;margin:0;Margin:0;text-align:left;line-height:1.45}h1,h2,h3,h4,h5,h6{color:inherit;word-wrap:normal;font-family:Helvetica,Arial,sans-serif;font-weight:400;margin-bottom:10px;margin-bottom:10px}h1{font-size:34px}h2{font-size:30px}h3{font-size:28px}h4{font-size:24px}h5{font-size:20px}h6{font-size:18px}body,p,table.body,td,th{font-size:16px;line-height:19px}p{margin-bottom:10px;margin-bottom:10px}p.lead{font-size:20px;line-height:1.6}p.subheader{margin-top:4px;margin-bottom:8px;margin-top:4px;margin-bottom:8px;font-weight:400;line-height:1.4;color:#8a8a8a}small{font-size:80%;color:#cacaca}a{color:#2199e8;text-decoration:none}a:hover{color:#147dc2}a:active{color:#147dc2}a:visited{color:#2199e8}h1 a,h1 a:visited,h2 a,h2 a:visited,h3 a,h3 a:visited,h4 a,h4 a:visited,h5 a,h5 a:visited,h6 a,h6 a:visited{color:#2199e8}pre{background:#f3f3f3;margin:30px 0;Margin:30px 0}pre code{color:#cacaca}pre code span.callout{color:#8a8a8a;font-weight:700}pre code span.callout-strong{color:#ff6908;font-weight:700}hr{max-width:600px;height:0;border-right:0;border-top:0;border-bottom:1px solid #cacaca;border-left:0;margin:20px auto;Margin:20px auto;clear:both}.stat{font-size:40px;line-height:1}p+.stat{margin-top:-16px;margin-top:-16px}table.buttonClass{width:auto!important;margin:0 0 16px 0;Margin:0 0 16px 0}table.buttonClass table td{text-align:left;color:#fefefe;background:#2199e8;border:2px solid #2199e8}table.buttonClass table td a{font-family:Helvetica,Arial,sans-serif;font-size:16px;font-weight:700;color:#fefefe;text-decoration:none;display:inline-block;padding:8px 16px 8px 16px;border:0 solid #2199e8;border-radius:3px}table.buttonClass.radius table td{border-radius:3px;border:none}table.buttonClass.rounded table td{border-radius:500px;border:none}table.buttonClass table tr td a:visited,table.buttonClass.large table tr td a:visited,table.buttonClass.large:active table tr td a,table.buttonClass.large:hover table tr td a,table.buttonClass.small table tr td a:visited,table.buttonClass.small:active table tr td a,table.buttonClass.small:hover table tr td a,table.buttonClass.tiny table tr td a:visited,table.buttonClass.tiny:active table tr td a,table.buttonClass.tiny:hover table tr td a,table.buttonClass:active table tr td a,table.buttonClass:hover table tr td a{color:#fefefe}table.buttonClass.tiny table a,table.buttonClass.tiny table td{padding:4px 8px 4px 8px}table.buttonClass.tiny table a{font-size:10px;font-weight:400}table.buttonClass.small table a,table.buttonClass.small table td{padding:5px 10px 5px 10px;font-size:12px}table.buttonClass.large table a{padding:10px 20px 10px 20px;font-size:20px}table.buttonClass.expand,table.buttonClass.expanded{width:100%!important}table.buttonClass.expand table,table.buttonClass.expanded table{width:100%}table.buttonClass.expand table a,table.buttonClass.expanded table a{text-align:center;width:100%;padding-left:0;padding-right:0}table.buttonClass.expand center,table.buttonClass.expanded center{min-width:0}table.buttonClass:active table td,table.buttonClass:hover table td,table.buttonClass:visited table td{background:#147dc2;color:#fefefe}table.buttonClass:active table a,table.buttonClass:hover table a,table.buttonClass:visited table a{border:0 solid #147dc2}table.buttonClass.secondary table td{background:#777;color:#fefefe;border:2px solid #777}table.buttonClass.secondary table a{color:#fefefe;border:0 solid #777}table.buttonClass.secondary:hover table td{background:#919191;color:#fefefe}table.buttonClass.secondary:hover table a{border:0 solid #919191}table.buttonClass.secondary:hover table td a{color:#fefefe}table.buttonClass.secondary:active table td a{color:#fefefe}table.buttonClass.secondary table td a:visited{color:#fefefe}table.buttonClass.success table td{background:#3adb76;border:2px solid #3adb76}table.buttonClass.success table a{border:0 solid #3adb76}table.buttonClass.success:hover table td{background:#23bf5d}table.buttonClass.success:hover table a{border:0 solid #23bf5d}table.buttonClass.alert table td{background:#ec5840;border:2px solid #ec5840}table.buttonClass.alert table a{border:0 solid #ec5840}table.buttonClass.alert:hover table td{background:#e23317}table.buttonClass.alert:hover table a{border:0 solid #e23317}table.callout{margin-bottom:16px;margin-bottom:16px}th.callout-inner{width:100%;border:1px solid #cbcbcb;padding:10px;background:#fefefe}th.callout-inner.primary{background:#def0fc;border:1px solid #444;color:#0a0a0a}th.callout-inner.secondary{background:#ebebeb;border:1px solid #444;color:#0a0a0a}th.callout-inner.success{background:#e1faea;border:1px solid #1b9448;color:#fefefe}th.callout-inner.warning{background:#fff3d9;border:1px solid #996800;color:#fefefe}th.callout-inner.alert{background:#fce6e2;border:1px solid #b42912;color:#fefefe}.thumbnail{border:solid 4px #fefefe;box-shadow:0 0 0 1px rgba(10,10,10,.2);display:inline-block;line-height:0;max-width:100%;transition:box-shadow .2s ease-out;border-radius:3px;margin-bottom:16px}.thumbnail:focus,.thumbnail:hover{box-shadow:0 0 6px 1px rgba(33,153,232,.5)}table.menu{width:600px}table.menu td.menu-item,table.menu th.menu-item{padding:10px;padding-right:10px}table.menu td.menu-item a,table.menu th.menu-item a{color:#2199e8}table.menu.vertical td.menu-item,table.menu.vertical th.menu-item{padding:10px;padding-right:0;display:block}table.menu.vertical td.menu-item a,table.menu.vertical th.menu-item a{width:100%}table.menu.vertical td.menu-item table.menu.vertical td.menu-item,table.menu.vertical td.menu-item table.menu.vertical th.menu-item,table.menu.vertical th.menu-item table.menu.vertical td.menu-item,table.menu.vertical th.menu-item table.menu.vertical th.menu-item{padding-left:10px}table.menu.text-center a{text-align:center}.menu[align=center]{width:auto!important}body.outlook p{display:inline!important}@media only screen and (max-width:616px){table.body img{width:auto!important;height:auto!important}table.body center{min-width:0!important}table.body .container{width:95%!important}table.body .column,table.body .columns{height:auto!important;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box;padding-left:16px!important;padding-right:16px!important}table.body .column .column,table.body .column .columns,table.body .columns .column,table.body .columns .columns{padding-left:0!important;padding-right:0!important}table.body .collapse .column,table.body .collapse .columns{padding-left:0!important;padding-right:0!important}td.small-1,th.small-1{display:inline-block!important;width:8.33333%!important}td.small-2,th.small-2{display:inline-block!important;width:16.66667%!important}td.small-3,th.small-3{display:inline-block!important;width:25%!important}td.small-4,th.small-4{display:inline-block!important;width:33.33333%!important}td.small-5,th.small-5{display:inline-block!important;width:41.66667%!important}td.small-6,th.small-6{display:inline-block!important;width:50%!important}td.small-7,th.small-7{display:inline-block!important;width:58.33333%!important}td.small-8,th.small-8{display:inline-block!important;width:66.66667%!important}td.small-9,th.small-9{display:inline-block!important;width:75%!important}td.small-10,th.small-10{display:inline-block!important;width:83.33333%!important}td.small-11,th.small-11{display:inline-block!important;width:91.66667%!important}td.small-12,th.small-12{display:inline-block!important;width:100%!important}.column td.small-12,.column th.small-12,.columns td.small-12,.columns th.small-12{display:block!important;width:100%!important}table.body td.small-offset-1,table.body th.small-offset-1{margin-left:8.33333%!important;Margin-left:8.33333%!important}table.body td.small-offset-2,table.body th.small-offset-2{margin-left:16.66667%!important;Margin-left:16.66667%!important}table.body td.small-offset-3,table.body th.small-offset-3{margin-left:25%!important;Margin-left:25%!important}table.body td.small-offset-4,table.body th.small-offset-4{margin-left:33.33333%!important;Margin-left:33.33333%!important}table.body td.small-offset-5,table.body th.small-offset-5{margin-left:41.66667%!important;Margin-left:41.66667%!important}table.body td.small-offset-6,table.body th.small-offset-6{margin-left:50%!important;Margin-left:50%!important}table.body td.small-offset-7,table.body th.small-offset-7{margin-left:58.33333%!important;Margin-left:58.33333%!important}table.body td.small-offset-8,table.body th.small-offset-8{margin-left:66.66667%!important;Margin-left:66.66667%!important}table.body td.small-offset-9,table.body th.small-offset-9{margin-left:75%!important;Margin-left:75%!important}table.body td.small-offset-10,table.body th.small-offset-10{margin-left:83.33333%!important;Margin-left:83.33333%!important}table.body td.small-offset-11,table.body th.small-offset-11{margin-left:91.66667%!important;Margin-left:91.66667%!important}table.body table.columns td.expander,table.body table.columns th.expander{display:none!important}table.body .right-text-pad,table.body .text-pad-right{padding-left:10px!important}table.body .left-text-pad,table.body .text-pad-left{padding-right:10px!important}table.menu{width:100%!important}table.menu td,table.menu th{width:auto!important;display:inline-block!important}table.menu.small-vertical td,table.menu.small-vertical th,table.menu.vertical td,table.menu.vertical th{display:block!important}table.menu[align=center]{width:auto!important}}table.body{background-color:#EBEBEB}.wrapper{width:100%}.grey-background{background-color:#EBEBEB}.grey-background table,.grey-background td,.grey-background tr{background-color:#EBEBEB}.primary-background{background-color:#FFF}.primary-background table,.primary-background td,.primary-background tr{background-color:#FFF}.header-content th.columns.large-6{padding-bottom:5px}.header-content .text-margin>table{margin-top:30px}.header-content .header-text{margin:0 0 10px}.divider p{border-bottom:2px solid #008196}.divider-row th.columns.large-12{width:124px;padding-right:238px;padding-left:238px}.header-text,.header-text>a{font-family:Segoe UI,Frutiger,Helvetica Neue,Arial,sans-serif;color:grey;text-decoration:none}.header-text.link-text a{text-decoration:underline}.small-text{font-size:10px}.xsmall-text{font-size:10px}.header-spacer{padding-top:0!important;padding-right:0!important;padding-bottom:0!important;padding-left:0!important}.header-spacer th{line-height:12px!important}.banner-image tr th{padding-top:0!important;padding-right:0!important;padding-bottom:0!important;padding-left:0!important}.banner-image tr th img{width:600px!important}.main-title{font-family:Segoe UI,Frutiger,Helvetica Neue,Arial,sans-serif;font-size:10px;color:grey}.main-text p{font-family:Segoe UI,Frutiger,Helvetica Neue,Arial,sans-serif;font-size:10px;color:grey;line-height:30px}.buttonClass{background-color:#008196;border:1px solid #008196;border-radius:10px;color:grey;display:block;font-family:Segoe UI,Frutiger,Helvetica Neue,Arial,sans-serif;font-size:10px;line-height:50px;text-align:center;text-decoration:none;width:167px;margin:0 auto;-webkit-text-size-adjust:none;mso-hide:all}.buttonClass:visited{color:grey}.socialContainer th.socialLabel{width:60px}.socialContainer th.columns{padding-bottom:8px}.socialContainer th.columns.socialIcon{padding-right:4px}.socialContainer .socialLabel{padding-left:0;padding-right:0}.socialContainer .socialLabel p{margin-top:5px;color:grey;font-family:Segoe UI,Frutiger,Helvetica Neue,Arial,sans-serif;font-size:10px}.socialContainer .socialIcon img{margin:0 auto}.coral-background{background-color:#0E6C0E}.coral-background table,.coral-background tr,.coral-backgroundtd{background-color:#0E6C0E}.copyContainer p,.legalContainer p{font-family:Segoe UI,Frutiger,Helvetica Neue,Arial,sans-serif;color:grey;font-size:10px;text-align:center;font-weight:700}.copyContainer a,.legalContainer a{font-family:Segoe UI,Frutiger,Helvetica Neue,Arial,sans-serif;text-decoration:none;color:grey;font-size:10px;font-weight:700}.legalContainer p a{text-decoration:underline}@media only screen and (max-width:616px){th.hide-small{visibility:hidden!important;width:0!important;height:0!important;display:none!important;padding-top:0!important;padding-right:0!important;padding-bottom:0!important;padding-left:0!important;margin-top:0!important;margin-right:0!important;margin-bottom:0!important;margin-left:0!important}.hide-small{visibility:hidden!important;width:0!important;height:0!important;display:none!important;padding-top:0!important;padding-right:0!important;padding-bottom:0!important;padding-left:0!important;margin-top:0!important;margin-right:0!important;margin-bottom:0!important;margin-left:0!important}.mobile-p-fix p{width:calc(100% - 40px);margin-left:20px!important;margin-right:20px!important}.mobile-view th.columns{padding-left:0!important;padding-right:0!important}.center-small{display:block;margin:0 auto!important}.socialContainer th.columns{padding-top:0!important;padding-right:0!important;padding-bottom:0!important;padding-left:0!important}.socialContainer .socialIcon a img{margin:0 auto}.socialContainer .socialIcon-first a img{margin-right:0!important}.socialContainer .socialIcon-last a img{margin-left:0!important}} CAUTION: This email is originated from an External Address. Do not visit the links or open attachments unless you recognize the Sender.Register now and secure your spot! View in browser Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards,Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us CAUTION: This email is originated from an External Address. Do not visit the links or open attachments unless you recognize the Sender. CAUTION: This email is originated from an External Address. Do not visit the links or open attachments unless you recognize the Sender. CAUTION: External Address. Sender. Register now and secure your spot! View in browser Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards,Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us View in browser Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards,Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us View in browser Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards,Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us View in browser Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards,Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us View in browser Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards,Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser View in browser https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FaYIDwJ5ycB7rBriffsEs5iBhhmADVxXe3CbeawzxbzMx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x%3Fp0%3D4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111521781%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=3qqlq9KCWf5zqgV6ScVXq4zdWB6JMWiAg0T8nkNbWtc%3D&reserved=0 Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FvUrKxXnvLe6mn0vbuNLwanexXo1OVo3e7xig4PkJqRIx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111547107%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=3dl5W8tZpkKGVQRY0yEUT%2FukER2dsb6MfOPfcse1gUY%3D&reserved=0 Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli,We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders!As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape.Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence.Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop.Explore the agenda and secure your spot today! Dear Saeed Ahli, Dear Saeed Ahli, Dear Saeed Ahli, Dear Saeed Ahli, Dear Saeed Ahli, We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders! We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot), an exclusive Netways event for UAE Government Leaders! We are pleased to invite you to We are pleased to invite you to We are pleased to invite you to New Era of Automation leveraging D365 (with AI & Copilot) New Era of Automation leveraging D365 (with AI & Copilot) New Era of Automation leveraging D365 (with AI & Copilot) New Era of Automation leveraging D365 (with AI & Copilot) , an exclusive Netways event for UAE Government Leaders! , an exclusive Netways event for UAE Government Leaders! , an exclusive Netways event for UAE Government Leaders! Netways UAE Government Leaders! As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape. As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape. As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape. As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape. As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape. As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape. As a Microsoft Inner Circle partner, Netways brings you unparalleled insights and expertise in harnessing the power of Microsoft Dynamics 365 and AI-driven solutions to transform your digital landscape. Microsoft Inner Circle partner Netways Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence. Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence. Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence. Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence. Join us for this unique opportunity to lead the wave in revolutionizing public services with innovative solutions that pave the way for digital excellence. Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop. Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop. Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop. Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop. Dont miss out a value packed day full of live demos, real-world use cases, networking opportunities and a Free post-event AI workshop. a Free post-event AI workshop Explore the agenda and secure your spot today! Explore the agenda and secure your spot today! Explore the agenda and secure your spot today! Explore the agenda and secure your spot today! Explore the agenda and secure your spot today! Explore the agenda and secure your spot today! Explore the agenda and secure your spot today! Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations.Best Regards, Register Now Register Now https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2Fyk1wiRUpDypueA0LVTo9IimzGEoTQwokxYBNOM5x1h4x%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111581827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=0R0Txp%2FUBnRJ5rQs8ozQWPNfIDg%2B7fFAETdogeaAsQM%3D&reserved=0 Register Now Date: Tuesday, 26th November, 2024Time: from 9:00 AM till 4:00 PMLocation: Grand Plaza Mvenpick Media City - Grand 3 Conference Room Date: Tuesday, 26th November, 2024 Date: Tuesday, 26th November, 2024 Date: Tuesday, 26th November, 2024 Date: Tuesday, 26th November, 2024 Time: from 9:00 AM till 4:00 PM Time: from 9:00 AM till 4:00 PM Time: from 9:00 AM till 4:00 PM Time: from 9:00 AM till 4:00 PM Location: Grand Plaza Mvenpick Media City - Grand 3 Conference Room Location: Grand Plaza Mvenpick Media City - Grand 3 Conference Room Location: Location: Grand Plaza Mvenpick Media City - Grand 3 Conference Room Grand Plaza Mvenpick Media City - Grand 3 Conference Room https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2F3Awy7hnpZHX1ZvAACPIi1Rlx6W5h3euxnBHmp3LIroIx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111598291%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=yiXORNcky5x1ejGuAQcLbcE%2FvIW7ZClkf6RFWkZlvuE%3D&reserved=0 Grand Plaza Mvenpick Media City - Grand 3 Conference Room We look forward to welcoming you for a day of insights, innovation, and impactful conversations. We look forward to welcoming you for a day of insights, innovation, and impactful conversations. We look forward to welcoming you for a day of insights, innovation, and impactful conversations. We look forward to welcoming you for a day of insights, innovation, and impactful conversations. We look forward to welcoming you for a day of insights, innovation, and impactful conversations. We look forward to welcoming you for a day of insights, innovation, and impactful conversations. https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FHaRBan0foJxz7RupTQnfxSEucnVVxQFGY3CsKFFh3Wcx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111618312%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=gOXfVckHyEnemKrchDuevycBtFYF66TXtotITW%2FgZXQ%3D&reserved=0 Best Regards, Best Regards, Best Regards, Best Regards, Best Regards, Best Regards, Best Regards, Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us Linked inTwitterFacebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us Linked inTwitterFacebook Linked inTwitterFacebook Linked inTwitterFacebook https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FPwCvnPYNbqYrmD3GTjTGq5P6cJmfUb3P25rsu8MAeMox%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111634890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=4uVWkvW1OZ1zBK0SboysT0VceKtNS8i6fCAAkqst0kc%3D&reserved=0 Linked in Linked in Linked in Linked in Linked in Linked in Linked in Linked in Linked in https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FNGlt2VcnDzXYwY3gQyrvonkdyiyAo4kdvaRkExgWowQx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111650871%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=4VR1Ja2LVAwH%2BT3sLaaznWlV3VQYjqZ7zOHc6I74fnE%3D&reserved=0 Linked in https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2F6bLgTazuouzFHaYOfvf9YQAC7JxxwwW1riByfdec5nYx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111666781%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=IkUmtproKYrpkdjXGNm6GN8EqaQkOg7XSMwAvLw0yd8%3D&reserved=0 Twitter Twitter Twitter Twitter Twitter Twitter Twitter Twitter Twitter https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2F3Px38cxyCimNMrTFeYH0jk8fvs8HwD8Q39XSgq6Ggjcx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111682599%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=Ax1%2FTfSiflp2Aes5mludtVtTSST0CweBgMp%2Fxxq7YMQ%3D&reserved=0 Twitter https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FKRuKFOVMJUg39wb3WCspKKoGVmZaX9JuoQhJC4lu17Ex%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111698585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=W%2FAzrB7SMmh%2F8IPHQJfhAe%2Bi3UAldrirpMHRblJSZj4%3D&reserved=0 Facebook Facebook Facebook Facebook Facebook Facebook Facebook Facebook Facebook https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2F2JYMXYjUNNPqWbShZozR5kggIPNmiHXh21kUjUFar9wx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111714639%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=L81NeigrlumKblUDyHK4UsB82UrHLu5Ix8dpFuqeXt8%3D&reserved=0 Facebook 2024 NetwaysMedia City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab EmiratesManage your preferences or Unsubscribe |Learn About Us 2024 Netways 2024 Netways 2024 Netways 2024 Netways 2024 Netways Netways Media City, Building 10 - 3rd Floor - Office 315 & 316Dubai - United Arab Emirates Media City, Building 10 - 3rd Floor - Office 315 & 316 Media City, Building 10 - 3rd Floor - Office 315 & 316 Media City, Building 10 - 3rd Floor - Office 315 & 316 Dubai - United Arab Emirates Dubai - United Arab Emirates Dubai - United Arab Emirates Manage your preferences or Unsubscribe |Learn About Us Manage your preferences or Unsubscribe |Learn About Us Manage your preferences or Unsubscribe |Learn About Us Manage your preferences or Unsubscribe Manage your preferences or Unsubscribe https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2F8liKO1RP5Nozys7DCxdu5Aoqyxry2cHqqUkI4KRcvQwx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111730541%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=L%2F%2FVQ%2FeXGkTSRg6C3LuB6ZKwN04Gx%2F2jAsHlTk72fS0%3D&reserved=0 https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FwvSg0xyc6RLGsKHnPyRZWBLnJRon8oMwojMJPdd3Pukx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111746309%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=AR19EEJeLsa2aQT9FNvMEEprx0FNsJOggjKkTV2x6mM%3D&reserved=0 Learn About Us https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FeG1qEJvASb1308WOxWbMPza2JiBKzhZhn53mhNaFXwkx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111764379%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=Jm6xjnQkybZu5N4lB%2FZeYz0%2FTs0ZFHWbpKT4DGWrYyc%3D&reserved=0 https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FUp4rkVXub9Wfd57bH3oPeY5m8HxxaKsfGPF6UsM6Stwx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111782728%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=dEmWkCSWA2EwCymZnwBxwaHKAVFps69pwwlqOq%2F9F70%3D&reserved=0 https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeefdd6e50d8438292d27fd577e4eccd.svc.dynamics.com%2Ft%2Ft%2FoIlOZX8FR5r90dPxdPrnmn2ERWXoYA0GoQHeNfb58Fkx%2F4k3w8LVfcGiVMur1xu1R5VGdjje7wjuXlHsNE2zS4G8x&data=05%7C02%7CSaeed.Ahli%40dubaiculture.ae%7Cea4b7dc4e03444c72fc208dcf746af47%7C1ee74fefbf154332b65a6df657279935%7C1%7C0%7C638657131111798368%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=3m9eAnHfXns4wChhp1qT3%2BEPFwtlrVq57ajTUbI5QnE%3D&reserved=0
                                                            Attachments:

                                                              Headers

                                                              Key Value
                                                              Receivedfrom mail32.nam.pb-dynmktg.com ([40.78.242.24]) by mailb.dubai.gov.ae with Trustwave MailMarshal (using TLS: TLSv1.3, TLS_AES_256_GCM_SHA384) id <B671f7a700001>; Mon, 28 Oct 2024 15:50:08 +0400
                                                              Authentication-Resultsspf=softfail (sender IP is 185.78.244.246) smtp.mailfrom=nam.pb-dynmktg.com; dkim=fail (body hash did not verify) header.d=netways.com;dmarc=fail action=none header.from=netways.com;
                                                              Received-SpfPass (domain nam.pb-dynmktg.com designates 40.78.242.24 as a permitted sender), client-ip=<40.78.242.24>; identity=<b-2_kvpcjl7mdr2exc5atlxfioe5l4-xjjawinf8twy53z3z@nam.pb-dynmktg.com>; helo=<mail32.nam.pb-dynmktg.com>;
                                                              Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; s=namkey1; d=netways.com; h=From:Date:Subject:Message-Id:Reply-To:To:MIME-Version:Content-Type; bh=XEO4Oi9yIGH5L+VuMVax9dc5iHHZ79xzv36AMzLVHtw=; b=CXyT1NqLh5A5lpEwacMdTSsedelZXQweGHBgpD1GX9gk7bMr9h3sRtwTfM/fTemRlH1sYdW71094 DeZn7vViaoKoxPOx0ulQMnd60gll1W3ehdraLzeukrq+oY1MvuOyebbgcn4ETGUflPYWk1autfmy rTyRdfe3apTJKLPqfDtHuRLNEWhMUasdTPP0z5GWqZ3nzTV9OeEuUVkpsZuhtOTK0frfI3TJWBjt ZVBeD4X6kiAGPORYHpZudDo29Lu4JD2KQVdI5SJEVFcaP9JefOzWc2uzh3SdBZnvducJ0CQvrDOu eRi4KjRt5/ijeBu3ZLdW0ni5K9Ranyrt+H/O7g==
                                                              FromNetways UAE <UAEPresales@netways.com>
                                                              DateMon, 28 Oct 2024 11:50:05 +0000
                                                              SubjectInvitation to Netways Exclusive Event for UAE Government Leaders: New Era of Automation Leveraging D365 (AI & Copilot)
                                                              Message-Id<K8VCJ632HOU4.07ESYVT8ZBVW1@nam.pb-dynmktg.com>
                                                              Reply-ToNetways UAE <etannoury@netways.com>
                                                              ToSaeed Hussain Ahli <Saeed.Ahli@dubaiculture.ae>
                                                              X-Ms-Dynamics-Message-Id2_kvpcjl7mdr2exc5atlxfioe5l4-xjjawinf8twy53z3z
                                                              X-Ms-Dynamics-Instancenckkryeldtvcmrhojqubtvfowfsrtl2whlxusv2cjeo2
                                                              X-Ms-Dynamics-Codepackageversion2.31.1377.0
                                                              Feedback-Id26349f19-7e76-eeab-94a5-776f975f3876:MicrosoftDynamics
                                                              X-Job26349f19-7e76-eeab-94a5-776f975f3876
                                                              Recipientaddresshash 2WR3FT36h6u2jYHx7ZguWqRulJucfrmXXhuliKzcd5Q2_dmr6xi4Cs2Iy2XfeZWb2bIh2Xk2ksHYJO0u26LQwUew2
                                                              Recipientaddressheaderc2FlZWQuYWhsaUBkdWJhaWN1bHR1cmUuYWU=
                                                              MIME-Version1.0
                                                              Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17301702311890.8986131502649886"
                                                              X-Seg-Spamprofiler-Analysisv=2.4 cv=Qes0vdbv c=1 sm=1 tr=0 ts=671f7a72 b=1 a=hWz+rIed9//w3+EMRtgoEA==:117 a=hWz+rIed9//w3+EMRtgoEA==:17 a=pzWEwtAwUX82o6I_:21 a=DAUX931o1VcA:10 a=5KLPUuaC_9wA:10 a=Z8wmFl-sV_8A:10 a=r5zRjQt4AAAA:8 a=PeggnSubAAAA:8 a=_eAf-nm5AAAA:20 a=jU4qhlNgAAAA:8 a=JqEG_dyiAAAA:8 a=3j4BkbkPAAAA:8 a=H-cbqGW-AAAA:8 a=PZwkDwmzAAAA:8 a=Ge_ww8WfAqN_2FUpJt4A:9 a=QEXdDO2ut3YA:10 a=SSmOFEACAAAA:8 a=xDONv2IyAAAA:8 a=bEsmIfPZX_hOd7X5fQ0A:9 a=Ghox27_F2nnV_Vqa:21 a=_W_S_7VecoQA:10 a=rVnDm9A_-c-k2ki-JAcA:9 a=3ZKOabzyN94A:10 a=HVCJ0IJiMMPcIibu7siF:22 a=CH6J4EzbLt0hLAs7JrUd:22 a=w4DDguBSxOhI2s_bNKw-:22 a=jk8pEJA1CyqTSy0iiE9F:22
                                                              X-Seg-Spamprofiler-Score0
                                                              Return-Path b-2_kvpcjl7mdr2exc5atlxfioe5l4-xjjawinf8twy53z3z@nam.pb-dynmktg.com
                                                              X-Tm-Snts-Smtp 8DDE3D278AE4FA0406949F5A1D247D9D95436717FC4A092A5DF58DD029D74F732000:8
                                                              X-Exclaimer-Md-Config1b89284e-e4ca-4afb-b899-c4370bca71aa
                                                              X-OrganizationheaderspreservedHBWPMBX01.msg.dubai.gov.ae
                                                              X-Ms-Exchange-Organization-Expirationstarttime28 Oct 2024 11:50:14.0217 (UTC)
                                                              X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                                                              X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                                                              X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                                                              X-Ms-Exchange-Organization-Network-Message-Id ea4b7dc4-e034-44c7-2fc2-08dcf746af47
                                                              X-Eopattributedmessage0
                                                              X-Ms-Exchange-Organization-MessagedirectionalityOriginating
                                                              X-Ms-Exchange-Organization-Scl1
                                                              X-CrosspremisesheaderspromotedDX1PEPF000003F1.AREP273.PROD.OUTLOOK.COM
                                                              X-CrosspremisesheadersfilteredDX1PEPF000003F1.AREP273.PROD.OUTLOOK.COM
                                                              X-Ms-PublictraffictypeEmail
                                                              X-Ms-Traffictypediagnostic DX1PEPF000003F1:EE_|DX0P273MB1268:EE_|AU2P273MB0355:EE_
                                                              X-Ms-Exchange-Organization-AuthsourceHBWPMBX05.msg.dubai.gov.ae
                                                              X-Ms-Exchange-Organization-AuthasAnonymous
                                                              X-Originatororgdubaiculture.ae
                                                              X-Ms-Office365-Filtering-Correlation-Id ea4b7dc4-e034-44c7-2fc2-08dcf746af47
                                                              X-Ms-Exchange-AtpmessagepropertiesSA|SL
                                                              X-Microsoft-Antispam BCL:0;ARA:13230040|82310400026|69100299015|4123199012|5063199012|5073199012|30082699015|4022899009|1032899013|8096899003|2066899003;
                                                              X-Forefront-Antispam-Report CIP:185.78.244.246;CTRY:AE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:smtp.dubaiculture.ae;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(69100299015)(4123199012)(5063199012)(5073199012)(30082699015)(4022899009)(1032899013)(8096899003)(2066899003);DIR:INB;
                                                              X-Ms-Exchange-Crosstenant-Originalarrivaltime28 Oct 2024 11:50:14.0061 (UTC)
                                                              X-Ms-Exchange-Crosstenant-Network-Message-Id ea4b7dc4-e034-44c7-2fc2-08dcf746af47
                                                              X-Ms-Exchange-Crosstenant-Id1ee74fef-bf15-4332-b65a-6df657279935
                                                              X-Ms-Exchange-Crosstenant-Originalattributedtenantconnectingip TenantId=1ee74fef-bf15-4332-b65a-6df657279935;Ip=[185.78.244.246];Helo=[smtp.dubaiculture.ae]
                                                              X-Ms-Exchange-Crosstenant-AuthsourceHBWPMBX05.msg.dubai.gov.ae
                                                              X-Ms-Exchange-Crosstenant-AuthasAnonymous
                                                              X-Ms-Exchange-Crosstenant-FromentityheaderHybridOnPrem
                                                              X-Ms-Exchange-Transport-CrosstenantheadersstampedDX0P273MB1268
                                                              X-Ms-Exchange-Transport-Endtoendlatency00:01:36.9846653
                                                              X-Ms-Exchange-Processed-By-Bccfoldering15.20.8093.023
                                                              X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                                                              X-Microsoft-Antispam-Message-Info GXe/pK7AqR8ClGGlr3ReULhQy1qYFQB+VL6oRcskdpuCu18xYCVWsi0+PLe5nA+4hwy4+1RSowcUZMh0+j7p/Io38Pkt3Jh1UC532vUyFGNj/2RmjQn30tNXRP1+vRHuO0bM4lR2LNx3J7L5meVVWW7zEm8GNHRvcpepDRJmKH2ZNobUj++L+E2ILMnZUiE26NOKdm61Ni9Jt4sdjCN/l2LPvMuLhOJN0niW5CfUB9oxNUbb8qQXLA9UB1abHqTLb+l4Z2ywLiyBzI4Z1/KEIMetUSQuzjawzzGmpWhdmg6KpbOTKmQ4afO92gThm/iekGEYjmticxf1WJwhU8OvA0FcSAWkcbIiZHhQI9uEOMPPm4zsipQ+4BvP/sEMbETn4f9LYmVROOqo3SiEo2GpZjbDE3NrXFteAxtYKji7eE6sSzRWFdl4XaXfYBLntrJU18NtGvSbnJydCfhNl/l5lqabxV53YLZdNur0bc3nlhH54tLuieWJsB0Vk37GZ9Ie5Jsca6Q7hXze1RY1GdlTjRYFKBRmQNsCoKB7iyqzc89fuI34TycXc+zwifEmrS9EQlkgyb5OHiDhvi+7pEvneINX2Vq58maoMyPjgzeg2HNUdlS9oTdPUMylJlzrmSYKnUIUSfgkG4OR9TXlXYNwb/YwICSIWMMdd5X4me78GKoO5jvVGINTqlsRvs06ZoPxUovZ8KNfYwgdCYxEohcev80qiuw0v2Kpc5y9tAa0Kt7umWHPLg6aAUuBNUI54a7lXCjhq3BlDhtUEU/Y9r2U1USqFfJYVZUmQGVlGgGZ0Zf9n65vBysboud03Pv9TA3QHIA0O2H5CbCgIbQfWoJ0v6x4QRnxYR5Zw6Le1sauNZx7528Z4Kex0scKg6iNN5W7N6BYk+/V1mRcznmw8Je/7lfiw/TP0WRFp9Cf32GIMr8uBifKg8zpWX8o8dKlsnYii8YCeMwWkY4vL/qI6AX5NU1E0cb1Ncdr9JbbhmZR2XniBgEjPa5rzdN1yXNy7Xk+47me+KxUYWBKuLMqxm3ksJGCKeKb6Ejt4srm37fHR104tjXEQTgtbKVRRxfpr5zGn4fIx8vSULnSLKqGf8L3CrpfrP+HEZjPkGeXm4wo0MGgvOl++qcY4/YykWQb/ymrqawN2AaISWiNBplpTXnWQIjdBdV3b/0hMpQWBrJzidA0zeH3YOdp/LtRFf0gN/Tb+kzxQE2XiUeMp63cqUwK9l7shLoMR/zDD5BaLDENQF82xxRA1X96TgzlqSNB7BOL+fRzeADtSqcSIhJlpZvHbMvdEbqR02Lge4Iy2nj9c+irkCzehkfb/1ffbuIhrTKk0rT/TQLYWgnWW9CGZuo6xCqpfZ07L73KQKnlOWFs37tSc62aVhuHdoJ48CW3x7WzUseNO3TJxxw+UetQDjVMv6UWJVgKQAxJXADdx+i1pQTkDWSZyrjNlc9CyeHuxU3F5FypCV08+dxZuoF/Br0zKvZXRqZnWbDfiRSqW4UlDS8zBpkjKT352nTQsdW/FAs/InVXxzT71yhxSlmB/Ff/iZVKJFBTKHBNwkto/NJIfiJahJTQze8Kemjoui6nJ0bIto+YEbWMr1eET/LoL/i7NfyxMl8ytn1GcZwOHPYHuDDFWezlK+bhlSUNeZUz1PuRaT+KpO5mrC0XIMM+BVyVjU45udRT/X6Hkzf1KI4q9HbB6C5++8hvAU5WyaR1Xh41DeFrXKZNx1pqPih8g21587qUx9ueIFDO4617kNazmjLcfAilsB0rKO8iNBYsAGIQ6AZxhB/K00nVCKNRcf2zyI0KIDiS7sD+GxPRHml1OPmcEUbGyXkTv6GcCpYcoG4ZexGwby5qkobVxb7xyffXbe69lo9qwSaJgV1nQmX1miQ=
                                                              Content-Transfer-Encoding7bit

                                                              File Icon

                                                              Icon Hash:46070c0a8e0c67d6

                                                              Network Behavior

                                                              Network Port Distribution

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Oct 29, 2024 05:57:10.841861010 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.841896057 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.842034101 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842067957 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.842103958 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842334986 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842334986 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842361927 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.842412949 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842416048 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842425108 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.842607021 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842642069 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.842741013 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842828989 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842832088 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842864990 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.842947960 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842952967 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.842972994 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.843178034 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.843178988 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.843188047 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.843197107 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.843291998 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.843291998 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.843292952 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:10.843303919 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.843306065 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:10.843322992 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.577543020 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.577636957 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.581481934 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.581551075 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.582432985 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.582506895 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.586015940 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.586074114 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.587085009 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.587115049 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.587217093 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.587225914 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.587380886 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.587660074 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.588444948 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.588459015 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.588776112 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.590307951 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.590316057 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.590598106 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.590939045 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.591212988 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.592474937 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.592530966 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.594006062 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.594084978 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.595177889 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.595192909 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.595453978 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.596663952 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.618825912 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.618894100 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.621731997 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.621745110 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.621990919 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.623094082 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.631325006 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.631325006 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.639323950 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.639327049 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.639341116 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.667326927 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.731692076 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.731755972 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.731816053 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.731832027 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.731874943 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.731903076 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.731947899 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.733916998 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.733932018 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.733942032 CET49973443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.733947039 CET4434997313.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.834827900 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.834849119 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.834865093 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.834908962 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.834919930 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.834952116 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.834973097 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.838465929 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.838494062 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.838538885 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.838552952 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.838551998 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.838623047 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.839061975 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.839061975 CET49969443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.839082003 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.839091063 CET4434996913.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.871743917 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.871797085 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.871855974 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.871881008 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.871897936 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.871927023 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.871946096 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.872030973 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.872165918 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.872222900 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.885358095 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.885379076 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.885407925 CET49970443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.885416031 CET4434997013.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.937414885 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.937434912 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.937479973 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.937551975 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.937551975 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.937573910 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.937658072 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.951682091 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.951699972 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.951750994 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.951770067 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.951783895 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.951803923 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.992809057 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.992872953 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.992883921 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.992896080 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.992949963 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.993000031 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.993011951 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:11.993022919 CET49968443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:11.993029118 CET4434996813.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.056689024 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.056706905 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.056806087 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.056818008 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.056870937 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.059667110 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.059726954 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.059768915 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.059854031 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.059854031 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.059875965 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.059974909 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.176203966 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.176228046 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.176371098 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.176371098 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.176382065 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.176810980 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.177086115 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.177146912 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.177165985 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.177175999 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.177237988 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.177237988 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.294650078 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.294691086 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.295335054 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.295335054 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.295356035 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.295356989 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.295418978 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.295449018 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.295469046 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.295469046 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.295902967 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.296474934 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.297091961 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.297122002 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.297255993 CET49972443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.297264099 CET4434997213.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.419297934 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.419393063 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.419481039 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.419481039 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.419492960 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.419585943 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.529644966 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.529702902 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.529751062 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.529763937 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.529994965 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.529994965 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.647102118 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.647177935 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.647278070 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.647278070 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.647294998 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.647342920 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.764420033 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.764470100 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.764549971 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.764559031 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.764578104 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.764592886 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.807096004 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.807152987 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.807205915 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.807214022 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.807225943 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.807459116 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.924841881 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.924870968 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.924935102 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.924943924 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:12.924967051 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:12.925029993 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.042165041 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.042226076 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.042337894 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.042337894 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.042356968 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.042433977 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.159547091 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.159595013 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.159624100 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.159634113 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.159676075 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.159676075 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.283265114 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.283293962 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.283330917 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.283341885 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.283389091 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.283401966 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.284673929 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.284692049 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.284737110 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.284744024 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.284800053 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.284800053 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.401361942 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.401390076 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.401453972 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.401473999 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.401493073 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.401659012 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.518349886 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.518371105 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.518462896 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.518486023 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.518527985 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.520306110 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.520323992 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.520405054 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.520405054 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.520417929 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.520462036 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.636383057 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.636413097 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.636457920 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.636475086 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.636502981 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.636521101 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.753806114 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.753834009 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.753930092 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.753947020 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.754043102 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.754869938 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.754892111 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.754975080 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.754981995 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.755059004 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.871277094 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.871304989 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.871505976 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.871535063 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.871622086 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.872798920 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.872821093 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.872898102 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.872910976 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.873076916 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.989342928 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.989372969 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.989492893 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:13.989515066 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:13.989581108 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.034239054 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.034270048 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.034424067 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.034439087 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.034533978 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.106947899 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.106988907 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.107047081 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.107065916 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.107086897 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.110399008 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.175631046 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.175663948 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.175740957 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.175770044 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.175791025 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.175935030 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.224369049 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.224396944 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.224508047 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.224526882 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.224566936 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.293164968 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.293191910 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.293243885 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.293257952 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.293303967 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.293389082 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.342081070 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.342113018 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.342207909 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.342212915 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.342212915 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.342272997 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.342464924 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.342464924 CET49971443192.168.2.713.107.246.45
                                                              Oct 29, 2024 05:57:14.342474937 CET4434997113.107.246.45192.168.2.7
                                                              Oct 29, 2024 05:57:14.342482090 CET4434997113.107.246.45192.168.2.7

                                                              UDP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Oct 29, 2024 05:57:10.770790100 CET6345753192.168.2.71.1.1.1
                                                              Oct 29, 2024 05:57:10.785443068 CET5467253192.168.2.71.1.1.1
                                                              Oct 29, 2024 05:57:12.167053938 CET5881453192.168.2.71.1.1.1

                                                              DNS Queries

                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                              Oct 29, 2024 05:57:10.770790100 CET192.168.2.71.1.1.10xdfaStandard query (0)deefdd6e50d8438292d27fd577e4eccd.svc.dynamics.comA (IP address)IN (0x0001)false
                                                              Oct 29, 2024 05:57:10.785443068 CET192.168.2.71.1.1.10x60d6Standard query (0)assets-usa.mkt.dynamics.comA (IP address)IN (0x0001)false
                                                              Oct 29, 2024 05:57:12.167053938 CET192.168.2.71.1.1.10x9280Standard query (0)augloop.office.comA (IP address)IN (0x0001)false

                                                              DNS Answers

                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                              Oct 29, 2024 05:56:36.504843950 CET1.1.1.1192.168.2.70x8d95No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                              Oct 29, 2024 05:56:36.504843950 CET1.1.1.1192.168.2.70x8d95No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                              Oct 29, 2024 05:57:10.792474031 CET1.1.1.1192.168.2.70xdfaNo error (0)deefdd6e50d8438292d27fd577e4eccd.svc.dynamics.commktsvcp102wu001.svc.dynamics.comCNAME (Canonical name)IN (0x0001)false
                                                              Oct 29, 2024 05:57:10.792474031 CET1.1.1.1192.168.2.70xdfaNo error (0)mktsvcp102wu001.svc.dynamics.commktsvcp102wu001.westus2.cloudapp.azure.comCNAME (Canonical name)IN (0x0001)false
                                                              Oct 29, 2024 05:57:10.818820953 CET1.1.1.1192.168.2.70x60d6No error (0)assets-usa.mkt.dynamics.comassets-mkt-usa.azureedge.netCNAME (Canonical name)IN (0x0001)false
                                                              Oct 29, 2024 05:57:10.818820953 CET1.1.1.1192.168.2.70x60d6No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                              Oct 29, 2024 05:57:10.818820953 CET1.1.1.1192.168.2.70x60d6No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                              Oct 29, 2024 05:57:12.174974918 CET1.1.1.1192.168.2.70x9280No error (0)augloop.office.comaugloop-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false

                                                              HTTP Request Dependency Graph

                                                              • assets-usa.mkt.dynamics.com

                                                              HTTPS Proxied Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.74997313.107.246.454437568C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-29 04:57:11 UTC255OUTGET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/ebd1da46-5d90-ef11-ac21-6045bdd88425?ts=638651883871101109 HTTP/1.1
                                                              Connection: Keep-Alive
                                                              User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                                                              Host: assets-usa.mkt.dynamics.com
                                                              2024-10-29 04:57:11 UTC503INHTTP/1.1 200 OK
                                                              Date: Tue, 29 Oct 2024 04:57:11 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 3150
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              x-ms-trace-id: 81044be54a32c957c5633ec6ba55adeb
                                                              Strict-Transport-Security: max-age=2592000; preload
                                                              x-content-type-options: nosniff
                                                              x-azure-ref: 20241029T045711Z-16849878b786fl7gm2qg4r5y70000000068g00000000g01a
                                                              x-fd-int-roxy-purgeid: 78362346
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Cache-Control: public, max-age=2592000
                                                              Accept-Ranges: bytes
                                                              2024-10-29 04:57:11 UTC3150INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 1e 00 00 00 1e 08 06 00 00 00 3b 30 ae a2 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 05 c9 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 39 2e 31 2d 63 30 30 31 20 37 39 2e 31 34 36 32 38 39 39 2c 20 32 30 32 33 2f 30 36 2f 32 35 2d 32 30 3a 30 31 3a 35 35 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52
                                                              Data Ascii: PNGIHDR;0pHYs+iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:R


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              1192.168.2.74996813.107.246.454437568C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-29 04:57:11 UTC255OUTGET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/07cb3dfa-6cd1-ee11-9079-000d3a1b99b1?ts=638441944531652733 HTTP/1.1
                                                              Connection: Keep-Alive
                                                              User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                                                              Host: assets-usa.mkt.dynamics.com
                                                              2024-10-29 04:57:11 UTC504INHTTP/1.1 200 OK
                                                              Date: Tue, 29 Oct 2024 04:57:11 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 37246
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              x-ms-trace-id: 0c2afafc4a73590b93bcf6236496a180
                                                              Strict-Transport-Security: max-age=2592000; preload
                                                              x-content-type-options: nosniff
                                                              x-azure-ref: 20241029T045711Z-16849878b787wpl5wqkt5731b400000006qg00000000m6np
                                                              x-fd-int-roxy-purgeid: 78362346
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Cache-Control: public, max-age=2592000
                                                              Accept-Ranges: bytes
                                                              2024-10-29 04:57:11 UTC15880INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 c1 00 00 00 3a 08 06 00 00 00 90 f5 5b 47 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 12 74 00 00 12 74 01 de 66 1f 78 00 00 00 5f 69 54 58 74 53 6e 69 70 4d 65 74 61 64 61 74 61 00 00 00 00 00 7b 22 63 6c 69 70 50 6f 69 6e 74 73 22 3a 5b 7b 22 78 22 3a 30 2c 22 79 22 3a 30 7d 2c 7b 22 78 22 3a 39 36 31 2c 22 79 22 3a 30 7d 2c 7b 22 78 22 3a 39 36 31 2c 22 79 22 3a 35 39 7d 2c 7b 22 78 22 3a 30 2c 22 79 22 3a 35 39 7d 5d 7d 89 95 4b a8 00 00 90 a8 49 44 41 54 78 5e bd fd 69 92 2c c9 d2 25 86 55 dd 7a af bb d1 04 d1 10 21 44 40 21 84 0d 0a 44 f8 8b 3f b8 0e ec aa b7 00 ec 96 fd bd aa e2 19 74 32 75 8b a1 06 e0 c4 f5 30 3d 3a 1c
                                                              Data Ascii: PNGIHDR:[GsRGBgAMAapHYsttfx_iTXtSnipMetadata{"clipPoints":[{"x":0,"y":0},{"x":961,"y":0},{"x":961,"y":59},{"x":0,"y":59}]}KIDATx^i,%Uz!D@!D?t2u0=:
                                                              2024-10-29 04:57:11 UTC16384INData Raw: 18 87 9e f3 8a ee ba c2 f2 7f d4 79 a5 f7 82 cf 42 0d 2f ae 7b 61 15 24 be e8 2b 9f 4f 2c df d2 d1 e7 43 3c 3e 9e e7 07 0f 4c 3d 0d df e8 9c 19 42 e8 68 d0 b8 75 12 db 73 d3 49 a1 49 3f d4 5d 66 22 d4 47 cb 21 eb b6 be d3 63 dc 79 f7 d3 be 13 f7 ba c4 f7 3f 13 8c 19 c4 b4 c9 e5 22 b8 c9 c5 17 fd 70 d6 c6 93 1b b3 e4 ea 08 07 72 58 e9 13 86 b8 b8 43 52 fc e5 1f 4a d5 22 b0 d9 90 8f 0e cd 87 51 b9 9c 13 b5 b2 e1 9d 1b 55 c6 a4 cd 10 fa e2 dc da 40 d0 1f 35 01 fd c2 2d 4e c4 4d 2c 57 0c bb 7f ee 18 71 1c 74 d7 fa a4 8b 83 f9 84 82 34 2a 13 ff 70 50 53 70 9e 9e 63 dd c7 7c a2 98 93 7d 92 67 dd d0 a8 18 6d 1c 2e 83 0f 0f ad d3 8e d8 d4 44 9d 6a b4 7b 72 fd b1 51 cb 7a e0 b7 5f 71 7e d4 95 74 bc 41 86 2e ce a7 ef 10 33 30 41 5d 25 e2 b0 be bc 9a cf 1f e4 76 30
                                                              Data Ascii: yB/{a$+O,C<>L=BhusII?]f"G!cy?"prXCRJ"QU@5-NM,Wqt4*pPSpc|}gm.Dj{rQz_q~tA.30A]%v0
                                                              2024-10-29 04:57:11 UTC4982INData Raw: 78 64 f8 bd 1e f8 43 a7 1d cd 2a 21 b0 b8 12 f1 d4 05 01 1b ed be ad 6f 78 8a c2 48 77 f2 49 6b b4 bf b1 f8 55 e7 fc ff f9 2b 9d c4 3a 5f 9f 75 12 cb bf fa d2 e7 d5 a6 23 7b d5 5d 75 24 10 3a 49 6f e7 79 e3 e2 0b 9d 0c cd f5 19 b4 4e 8f 71 e7 67 7b 3e 3b ef fb 5a fc 14 18 f4 43 5d e1 f4 eb bc 2c 1d 0c 97 ea 4f fa e6 ad 23 8a 4d f0 ff fc d3 cf ff f1 7f fc 7f c1 c5 3b b8 d8 24 72 63 aa df ca 1c 1c 99 f9 56 e4 bc 93 ea cd 2b 37 94 88 c5 cf f1 6a 81 bc 9b a9 7c 6f 36 73 13 cc 19 7f fe 05 9b 44 39 f1 8f f5 ca 89 2e ec b4 86 00 9b 7b 58 f4 e0 bf 5b cc 7e b0 c9 65 0d 57 cf bb c6 2c c9 4d 6d 8d ec 8f 9b 1c 24 d5 5d 63 22 75 0d d6 fd 1c 6f e9 e6 5d 52 6d 7c 72 ad 12 0e 3d d5 41 4b 6b a6 6d 9d f0 aa 87 34 b4 b9 53 8e f1 eb bf fd 57 f4 8b 39 a8 cb 0d 62 f6 ce a2 d8
                                                              Data Ascii: xdC*!oxHwIkU+:_u#{]u$:IoyNqg{>;ZC],O#M;$rcV+7j|o6sD9.{X[~eW,Mm$]c"uo]Rm|r=AKkm4SW9b


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              2192.168.2.74997213.107.246.454437568C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-29 04:57:11 UTC255OUTGET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/d04bc7c8-d891-ef11-ac21-6045bdd88425?ts=638653513834098786 HTTP/1.1
                                                              Connection: Keep-Alive
                                                              User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                                                              Host: assets-usa.mkt.dynamics.com
                                                              2024-10-29 04:57:11 UTC511INHTTP/1.1 200 OK
                                                              Date: Tue, 29 Oct 2024 04:57:11 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 61958
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              x-ms-trace-id: d0e9009f940aa13a3a6e32e507048602
                                                              Strict-Transport-Security: max-age=2592000; preload
                                                              x-content-type-options: nosniff
                                                              x-azure-ref: 20241029T045711Z-17c5cb586f6r59nt869u8w8xt80000000540000000000xvg
                                                              x-fd-int-roxy-purgeid: 78362346
                                                              X-Cache-Info: L2_T2
                                                              X-Cache: TCP_REMOTE_HIT
                                                              Cache-Control: public, max-age=2592000
                                                              Accept-Ranges: bytes
                                                              2024-10-29 04:57:11 UTC15873INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 01 c2 03 20 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                              Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222 "}!1AQa"q2
                                                              2024-10-29 04:57:12 UTC16384INData Raw: d3 41 9e 29 45 25 15 e8 88 5a 29 29 68 00 a2 8a 29 80 53 e1 ff 00 5f 1f fb c3 f9 d3 29 f0 ff 00 af 8f fd e1 fc e8 07 b0 d6 fb c7 eb 49 4a df 78 fd 69 28 00 a2 8a 28 00 a2 8a 28 00 a2 8a 28 00 a2 8a 29 80 51 45 14 00 51 45 14 00 51 45 14 00 54 87 fe 3d 97 fd f3 fc 85 47 52 1f f8 f6 5f f7 cf f2 14 81 91 d1 45 14 00 51 45 14 01 a1 fd a6 13 4f 16 b1 44 ca 77 2b 6e 79 0b 05 23 9c a8 c7 cb 93 d6 92 f7 52 17 71 32 47 6e b0 f9 92 f9 d2 e1 89 dc f8 ed e8 39 3c 7b d5 0a 2a b9 99 92 a1 4d 3e 6b 17 db 54 66 84 c7 e5 2e 0c 31 c5 9c ff 00 71 b3 9f c6 a4 7d 61 de 56 7f 25 46 5a 76 c6 ef f9 ea 30 7f 2a cc a2 8e 66 1e c2 9f 6f eb 62 7b ab 93 72 d1 b1 50 be 5c 4b 1f 07 ae d1 8c d4 14 51 53 73 48 c5 45 59 05 14 51 48 61 45 25 14 00 54 90 ff 00 ac 3f ee b7 f2 35 1d 49 0f fa
                                                              Data Ascii: A)E%Z))h)S_)IJxi(((()QEQEQET=GR_EQEODw+ny#Rq2Gn9<{*M>kTf.1q}aV%FZv0*fob{rP\KQSsHEYQHaE%T?5I
                                                              2024-10-29 04:57:12 UTC16384INData Raw: cf 34 36 97 9b 6e 1e 0d 3e 75 61 34 c2 df fd 6f 41 85 23 a0 04 f3 83 4c d7 7c 0d 79 a0 69 46 f6 5b db 59 e4 82 58 a1 bd b7 88 36 fb 57 91 37 a0 24 8c 36 47 52 3a 1e 2a 7d a4 5b b5 c4 ce 4b ca 34 f5 8e bb 31 f0 fa ee 4d 0a 3d 46 2d 52 c9 e7 6d 3d 75 33 65 b5 c4 8b 6e 5b 69 6d d8 da 48 3d b3 9a bf ff 00 0a 97 5a ff 00 84 d3 fe 11 af b6 d9 ef 36 df 6a fb 5f cd e5 6d dd b3 1d 33 9d ff 00 2e 28 f6 b0 5d 45 a9 e7 f4 8d 4e 90 14 91 93 a9 56 2a 7f 03 8a 6e 3d 6a c4 30 52 d2 1f 96 98 5b de 90 c9 73 c5 1b f9 a8 19 8f 4c d2 64 d1 71 d8 b3 ab ff 00 c8 6a fb fe be 24 ff 00 d0 8d 53 ab 9a bf fc 86 af bf eb e2 4f fd 08 d5 3a c1 6c 06 ad 8e 9f 1b c1 1c b3 47 24 cf 31 6f 2a 14 70 83 6a fd e7 66 3d 07 f8 1a 4b fd 3e 38 e1 92 68 63 92 17 89 94 4d 0b b8 7c 06 fb ac ac 3a a9
                                                              Data Ascii: 46n>ua4oA#L|yiF[YX6W7$6GR:*}[K41M=F-Rm=u3en[imH=Z6j_m3.(]ENV*n=j0R[sLdqj$SO:lG$1o*pjf=K>8hcM|:
                                                              2024-10-29 04:57:12 UTC13317INData Raw: 47 84 a9 79 9f ee 42 57 3f 2b 12 08 c8 24 71 9e 6a 8d 8e a6 fa 6f da 17 c9 86 e2 0b 98 fc b9 e0 98 1d ae 01 0c 3a 10 41 04 02 08 35 34 9e 2e d5 b6 ac 3a 7b a6 9c a2 45 75 16 39 8f 84 5d a8 a4 e7 2c 07 27 9c 92 58 92 4d 67 2e 6b e8 5c 52 1d 6f e1 b4 b9 f0 df f6 af da 27 2d e5 c8 e4 43 6d e6 45 01 42 40 49 58 1d c8 cd 8e 0e dc 7c c3 9e b8 dd 97 c0 51 d8 dc 43 03 cf 74 9e 64 b1 46 d7 77 16 8a 96 e3 78 07 21 f7 92 40 cf a0 e9 da ab da eb 37 12 49 25 d7 f6 75 84 57 52 2c aa b7 11 46 c8 c8 b2 ee de a0 06 da 7e fb 63 70 24 67 d8 63 46 eb 5f 06 65 bc fe cd b1 5b b0 ca cd 2e d7 6d db 40 18 2a cc 54 82 06 0f 14 e3 0a 97 bb 33 a9 56 3b 23 37 5b d1 62 d1 1a 15 ff 00 49 5d e1 8f 97 75 6f e5 30 c1 ea 30 4a b0 3d 88 3e b9 ae 52 e2 56 9a 42 a8 33 fd 2b a0 d5 f5 59 75 3b
                                                              Data Ascii: GyBW?+$qjo:A54.:{Eu9],'XMg.k\Ro'-CmEB@IX|QCtdFwx!@7I%uWR,F~cp$gcF_e[.m@*T3V;#7[bI]uo00J=>RVB3+Yu;


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              3192.168.2.74997113.107.246.454437568C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-29 04:57:11 UTC255OUTGET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/47fceed3-1395-ef11-8a6a-6045bdd88425?ts=638657065932161473 HTTP/1.1
                                                              Connection: Keep-Alive
                                                              User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                                                              Host: assets-usa.mkt.dynamics.com
                                                              2024-10-29 04:57:12 UTC512INHTTP/1.1 200 OK
                                                              Date: Tue, 29 Oct 2024 04:57:11 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 459388
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              x-ms-trace-id: 1172a0364565427062a0ed655f469b39
                                                              Strict-Transport-Security: max-age=2592000; preload
                                                              x-content-type-options: nosniff
                                                              x-azure-ref: 20241029T045711Z-17c5cb586f62blg5ss55p9d6fn00000006mg00000000m1gc
                                                              x-fd-int-roxy-purgeid: 78362346
                                                              X-Cache-Info: L2_T2
                                                              X-Cache: TCP_REMOTE_HIT
                                                              Cache-Control: public, max-age=2592000
                                                              Accept-Ranges: bytes
                                                              2024-10-29 04:57:12 UTC15872INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 14 00 00 01 f4 08 06 00 00 00 4c ed a1 79 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 07 02 11 49 44 41 54 78 01 ec 7d 09 c0 1c 45 95 ff ab 49 b8 c1 e0 01 a2 ae 10 c4 fb 48 82 27 ea 92 04 15 6f 48 3c d7 83 1c 28 e2 15 4c 10 d4 bf 2b 90 84 a0 ab bb 28 20 b8 ae 0a e6 c2 75 3d 49 82 37 48 0e ef 63 95 04 6f 45 08 ba 0a 78 00 72 43 be a9 7f bf ea a9 e9 ea ea ea ee 3a bb 6b e6 eb 5f 68 be 99 9e ae a3 eb 7c f5 ab f7 ea 91 29 64 2e 85 52 90 c1 a5 0f 8c ac 87 a1 28 58 c0 2c ad 62 58 22 7c 33 8d cb fc 5d dd d1 46 9a 69 1d 61 ba d4 31 6d 39 f7 66 65 ae f7 2c 65 b9 24 2c cf 64 d0 ba 78 be 4d 73 cf c3 e9
                                                              Data Ascii: PNGIHDRLypHYs%%IR$sRGBgAMAaIDATx}EIH'oH<(L+( u=I7HcoExrC:k_h|)d.R(X,bX"|3]Fia1m9fe,e$,dxMs
                                                              2024-10-29 04:57:12 UTC16384INData Raw: d4 81 e8 f0 45 17 eb d7 5c 3e 34 8d 3e 6e f1 73 e1 82 73 37 b0 cf 98 3e 33 77 be f6 06 76 36 23 8b 7b 79 7a ee e3 1b 8e 3f 77 18 7e ce e0 fc 44 24 04 75 9d 9d 60 5c 2a c7 29 bc c6 d0 eb f5 9c b9 e9 f9 8b 27 2d 3b 96 91 8a 1c 8b 06 5a 93 68 f2 2e 6a 2f 62 fa 9c 88 44 67 2d 78 ad 4d 88 d0 4b 37 7e 2f a9 fb 1f 0c e2 37 39 47 42 95 b3 32 f4 72 61 a6 4c 3f 00 26 5e f6 32 98 d8 0d 1d 08 a5 7b 57 a8 55 d8 1b 9c f1 49 09 4d 35 17 f0 2f dd 05 bb c8 5e 4c 43 ee a0 7b fe 06 b7 7d e5 87 70 7f 7a 03 bc e7 84 1b 60 f7 5d b7 c1 6e bd 84 f8 43 ad 46 ca a7 48 8c a3 c7 c2 d3 61 de 92 5f 12 12 f2 4e 7a 10 bc f5 df f6 83 bf de 24 4e a8 6a 88 84 1d 92 61 9f be f8 db 70 dc 82 a3 60 9f 7d f6 84 d7 bc f6 19 f0 5f ff f9 35 66 1e 7e cc b1 4f 86 87 3c e4 fe ec d9 4f ad df 92 f4 a5
                                                              Data Ascii: E\>4>nss7>3wv6#{yz?w~D$u`\*)'-;Zh.j/bDg-xMK7~/79GB2raL?&^2{WUIM5/^LC{}pz`]nCFHa_Nz$Njap`}_5f~O<O
                                                              2024-10-29 04:57:12 UTC16384INData Raw: 77 ea 3b 19 c9 44 59 bb b4 59 04 3d 43 d1 9f c7 67 3a 98 a7 09 d8 3b 6a 89 00 ec 6c b3 f6 49 45 2a ec a2 da 8b 21 fc dc 40 b3 b4 33 f8 aa bf 78 84 11 2e de 85 d2 52 14 3f d9 d7 9b 8b 90 c0 d3 16 eb 3e a6 7e 18 ba 2d f8 8e bf 59 2d 0a 35 65 e3 aa 71 d9 46 ff e3 42 b3 6c 06 dd 6c 79 16 d1 51 2f fe 50 27 10 75 65 dd 08 7a 4d 69 02 8f 0b ba c5 6e 33 68 af 9c 69 61 d1 a6 da 68 d2 eb 33 76 b4 32 05 51 0f 0c 97 56 ee d6 c8 c2 5b 35 6e da cc 3f 8f d2 58 e3 22 f7 54 91 36 b6 24 60 a6 99 28 52 8a 76 30 6b c3 59 a8 90 9a 89 1c fd 61 1a ed b7 94 f1 19 eb b3 de ef 63 a3 cb ad 5c a8 2b 0f 3e 46 b0 1b 8b e5 31 d5 26 bc 5d d8 11 71 ca 32 78 31 62 32 d0 85 18 6e dc b5 8a 78 67 69 77 30 b4 9b 30 dc 11 42 1b cb 97 f6 9d 3b 32 71 a8 cf f6 8f 7d fb 1e cb 77 73 17 a3 63 93 c1
                                                              Data Ascii: w;DYY=Cg:;jlIE*!@3x.R?>~-Y-5eqFBllyQ/P'uezMin3hiah3v2QV[5n?X"T6$`(Rv0kYac\+>F1&]q2x1b2nxgiw00B;2q}wsc
                                                              2024-10-29 04:57:12 UTC16384INData Raw: b2 d6 21 92 ab 65 da a3 67 ad fc 34 7c 63 ee 7b 73 f7 50 4b 12 c9 5c fc 6d fd 9a 2b 84 78 1e c7 3c 47 2f 51 6a 51 5e 61 4c d2 ca 28 13 0b 55 e3 2b 6a fe 21 49 27 7b 4e 46 e2 e8 c7 3f fd 20 23 05 37 6d fc 41 e1 cc 45 7c 07 24 11 51 c3 52 65 b6 8d a6 ce a7 9e bc 1a 7c 02 f3 b0 0d fc 02 09 51 99 1c c3 bc ab c9 44 f5 c8 85 ed 01 c9 4d 31 9e 54 a3 f5 71 2c cf 4d 82 0c 26 e5 32 59 05 cf 25 44 cf cc 0b 16 cd c9 dd c7 72 f8 cd 35 17 24 f5 bd 85 9d 5b 88 ef 9f af ef c7 26 6d f9 c9 83 fa 2e 6a 0a 22 11 79 96 40 a0 72 e1 56 97 7c a8 7b ae 2c df 22 44 5d 2d 80 b6 45 cf 32 cd 46 b1 77 f6 85 fb bd 21 21 45 86 4b 33 39 1e fd f2 1c 29 e0 19 8a 23 f6 5a fc 5c 2a 3a 24 f9 44 4c 68 c5 90 42 87 d4 16 3f fb 6b e1 a9 b1 11 1d 6a 50 65 da 54 aa 9c f8 d9 a8 a7 b5 71 12 81 8a 09
                                                              Data Ascii: !eg4|c{sPK\m+x<G/QjQ^aL(U+j!I'{NF? #7mAE|$QRe|QDM1Tq,M&2Y%Dr5$[&m.j"y@rV|{,"D]-E2Fw!!EK39)#Z\*:$DLhB?kjPeTq
                                                              2024-10-29 04:57:12 UTC16384INData Raw: 58 8e ad 09 a9 01 27 5c 56 63 25 d3 93 46 a5 b6 4b f3 dd b6 23 f6 17 4f 28 22 89 87 1a 7f ab 56 ae 23 13 64 13 68 02 8c 64 1c ba f9 f0 13 63 08 24 48 90 b0 43 59 a7 b7 20 e3 0a 83 5b c7 98 36 92 94 48 6a f6 8f d0 26 44 68 12 70 e1 fc 57 23 b5 b8 e6 a8 e8 d3 35 2a 3f 3a df a3 c7 5c e4 39 6f 80 d2 10 9c 34 ee 11 1a 93 34 51 88 da 7b 61 2d 41 93 76 bd 0d 22 10 b1 3a c4 5d 09 d6 0b e6 0f 3f c3 22 17 a3 d6 97 5c 58 94 cf 4f fb 8a c6 7a de b0 4e 5b 50 98 1b 73 02 c9 e9 fb eb cf e9 53 17 42 18 16 0a 12 14 d1 81 2c 22 78 ce fc c6 05 d6 fd f3 ca 0d cc 85 7d 6f f1 94 cd 56 65 6b 95 47 ee 0d 2e 92 06 df 37 4d 26 22 61 38 cd 17 15 19 17 7b 51 ae 9b 2d 08 3a 33 10 8b e9 a6 ab dc 6f 32 96 1b dd 08 a1 0c 3b 60 d0 e9 62 81 78 34 6d 48 30 e2 bb 81 e4 2b 5a 15 05 af d3 5a
                                                              Data Ascii: X'\Vc%FK#O("V#dhdc$HCY [6Hj&DhpW#5*?:\9o44Q{a-Av":]?"\XOzN[PsSB,"x}oVekG.7M&"a8{Q-:3o2;`bx4mH0+ZZ
                                                              2024-10-29 04:57:12 UTC16384INData Raw: ad 22 05 9d 19 07 63 b9 ef ab b4 1c 4d 62 50 12 9b ae a4 e1 4d 83 7b 65 b2 18 70 c8 c4 04 e7 bc b2 ce 75 0f 23 48 18 2b e3 f8 ce a3 e7 64 69 57 44 36 71 11 68 b5 6c 19 8b db ae 09 b3 74 d5 e6 98 9b 3a f5 c0 15 61 2a cd c1 51 6b d4 d6 e6 d2 f9 fa b5 94 03 b0 14 67 a1 50 f8 bb 94 3b ad b0 bd 51 f2 77 34 58 9e df 6e da 2e 9a b7 3e 10 0e fb 5e 37 38 e8 c4 6f 01 ec de 0d ff 59 bc 04 3e 5d f5 7f c0 f7 ec 72 c6 ae f8 08 3e 4b b7 df 57 fe 49 19 50 fb aa da 7f 7f a8 da 77 7f c8 ee dc 01 7b b6 6e 11 e4 66 2d b5 3d 34 a5 ce 54 35 83 ea 03 0e 80 7d 0e 3a 04 f6 39 e2 0b b0 5f bb 76 d0 b2 7d 1b d8 ef a8 23 a0 e5 17 c5 be 03 f7 03 56 5d 0d b5 bb f6 c0 ae 8f b6 c0 8e 7f 7f 2c 08 c6 f7 61 c7 ba 75 f0 f9 ba f7 61 d7 c7 1f 09 92 f1 53 5a 8c 40 1f 8f d5 e2 5e fb 7c f1 4b d0
                                                              Data Ascii: "cMbPM{epu#H+diWD6qhlt:a*QkgP;Qw4Xn.>^78oY>]r>KWIPw{nf-=4T5}:9_v}#V],auaSZ@^|K
                                                              2024-10-29 04:57:12 UTC16384INData Raw: 51 96 11 75 9a 77 92 79 6f 95 cb a7 b5 5c 98 45 22 10 b5 01 4d 72 ca 91 a9 4c 82 52 e5 1d 81 64 e2 c4 89 0f c1 06 d1 7e ef b9 77 04 dc 77 ff f5 70 d1 85 13 94 dc 60 ca 64 96 f2 19 cd 8d dc 9b 64 a9 1a 83 c5 7d b1 ae 6e fc c5 4c 78 e4 c1 1b e9 c8 8f 7f 32 c3 bd 86 bb 73 11 bc de 56 f3 3d 34 93 46 dc 7d f7 42 49 f8 98 24 ac fe cb 81 02 d5 98 40 6d bc d5 ab 0c 82 5b cb 62 e2 0f 12 ac f9 a0 c9 c2 d6 07 ee e7 90 b6 71 10 35 4f 9d 33 eb 4f a2 3d 0d 82 21 43 fb 8a 7a 9d e7 3c 6f 2a b7 71 3e 73 e4 69 ad 73 08 e0 38 18 e7 be 7b 70 f7 1a 4d 52 61 c3 d8 b4 69 2b cc 9d f3 1c 0c 1d 76 3e 05 06 42 52 4f 9b 14 a3 39 70 a1 f3 68 ac 77 24 0b d1 34 19 37 4d 1c e6 0c c0 d2 4d 72 1d 4f 3f fd 12 c4 45 db b6 5f 08 10 90 e4 97 53 c8 95 07 1d 26 2d 9d 8e bd fa 6a 60 ab df 83 ff
                                                              Data Ascii: Quwyo\E"MrLRd~wwp`dd}nLx2sV=4F}BI$@m[bq5O3O=!Cz<o*q>sis8{pMRai+v>BRO9phw$47MMrO?E_S&-j`
                                                              2024-10-29 04:57:12 UTC16384INData Raw: 4f 2a 79 96 82 3d 28 39 25 6e 55 52 3a ca 94 06 c1 16 a2 91 18 4c 3a 4e 30 26 bb 6f ac d3 bb 65 a9 16 3c 13 48 03 51 cd 88 59 f9 b2 bd c1 0f 5d bf da 20 2e fd 24 1f 4c 4e dc f6 aa 1d 06 7d b4 f6 92 1f 45 73 cd 25 e2 94 2d f6 12 2f aa c4 60 4a 59 dc a5 d4 55 f6 47 6d da 32 b5 ab 39 28 0d 92 ae 33 c1 58 d8 22 26 40 76 02 d9 c2 87 39 63 7d 8a 8b 58 ad e1 c3 f3 be b8 c5 a4 bf c5 ca f4 c9 9f 7e b2 fd 9e fb c2 7e af 3e 1e 76 fa e3 03 60 f5 d2 e5 70 cb 7f 9d 0f f7 5c 75 39 9b c4 93 c8 98 68 8d 32 fd c9 07 f6 e8 42 87 0f f8 c9 c4 be c9 fe b6 99 e3 8d e8 3e 62 ea 6d 76 da 0d 76 7b e6 73 60 b7 c3 9e 00 eb ee 59 01 b7 9e 77 21 ac bc f6 ff d8 32 c7 ee 21 8a f1 3a 93 32 e7 11 09 42 75 6e 6a d1 da 43 52 11 09 c3 7a 6c 24 05 3b e4 3d 03 bb 20 f0 4d b6 88 02 b7 29 d7 b4
                                                              Data Ascii: O*y=(9%nUR:L:N0&oe<HQY] .$LN}Es%-/`JYUGm29(3X"&@v9c}X~~>v`p\u9h2B>bmvv{s`Yw!2!:2BunjCRzl$;= M)
                                                              2024-10-29 04:57:12 UTC16384INData Raw: 3d f4 95 76 4a 91 c8 01 8a 83 2f 27 1b 64 ec d7 e8 e3 92 34 41 eb 5a b4 60 21 cf 53 20 c1 58 2a 90 fc d6 e4 57 b1 6a f9 6e dc 2a 5b 8e d0 4c bf 55 8b f4 41 2a 6d 74 19 ba be 1d 54 4e 7c f5 c7 c8 f7 1f 46 22 fe e7 7f 79 3d 05 14 e9 4a 39 8e f1 37 9d f2 02 f8 fe 8f fe 01 2e 8a 1f 14 0c d4 81 c4 e2 c9 6f 3e 96 b4 db da 82 01 5b 8e 89 64 e3 97 bf f4 03 b8 99 34 18 9d 99 13 e4 00 d4 5b 2b 06 5b 0e 3c a8 f1 f4 9f 25 aa f4 e7 39 e7 fc 90 08 b6 77 bd eb 25 d0 9e 68 50 33 ee b7 bf fd 0c 7c e4 23 af 96 ac 5b 92 b2 cc e3 a5 97 5e 47 e4 d8 49 27 3d 2f 92 50 bb 9a 32 f3 3a f3 ee f7 bc 14 7e fb fb cf 92 79 75 1b 7e 3a a7 3e 75 ed 35 f3 ae f8 df 03 ab d6 c1 97 bf fc 7d 0a b8 a2 3e 12 ad 60 5d eb f5 33 85 70 fc 68 6c 03 34 d5 b6 6b f0 0e 3b 6c 1b eb fe 1f e1 fa 9b be 98
                                                              Data Ascii: =vJ/'d4AZ`!S X*Wjn*[LUA*mtTN|F"y=J97.o>[d4[+[<%9w%hP3|#[^GI'=/P2:~yu~:>u5}>`]3phl4k;l
                                                              2024-10-29 04:57:13 UTC16384INData Raw: 65 ba 1a bd 76 5e 46 51 93 5a 90 89 43 88 06 9c 38 49 3d 99 4c 7b 81 88 b0 e2 4d c1 a7 89 9e 89 06 f6 c3 c6 df 01 81 3e 9d 44 79 a1 cb 00 83 38 1a 02 96 7c 2d 28 61 81 cf 79 39 85 ac cc a4 47 a6 d1 a2 e2 4e 5a 7a f8 5d 0d 01 da 80 47 fc ed 38 36 f1 94 9d 08 13 a2 95 46 a5 d2 20 31 90 36 03 0a d6 40 4c 48 75 5b 5c d9 bd 02 69 15 06 08 ed ae 42 79 ab 05 66 31 c8 0a de a5 72 a7 0a f1 ac cc 4e a6 47 44 80 64 33 62 bb 08 a7 42 27 b0 ac ff a8 0f a1 60 9e eb 2d 6a 66 3b f1 5d c5 ab bb 4c 43 33 90 cd 2b 53 72 a2 ec ba e7 fc 5e a0 3e 01 07 05 3a aa b5 ea 5c e1 97 46 1d 62 67 40 32 41 d9 42 48 8b 9d 8d 60 4d a6 c7 68 be ef 6b 32 41 c7 45 2d 88 6f 2b 22 b2 64 53 ca a7 cc c0 3e 2a a5 4f 50 5d d5 2e f9 1a aa c0 81 ad e7 50 49 18 72 35 29 c1 3e 54 19 70 8a 57 5c 03 1c
                                                              Data Ascii: ev^FQZC8I=L{M>Dy8|-(ay9GNZz]G86F 16@LHu[\iByf1rNGDd3bB'`-jf;]LC3+Sr^>:\Fbg@2ABH`Mhk2AE-o+"dS>*OP].PIr5)>TpW\


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              4192.168.2.74996913.107.246.454437568C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-29 04:57:11 UTC255OUTGET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/0210afd2-8d8c-ef11-ac21-6045bdd88425?ts=638647694283804824 HTTP/1.1
                                                              Connection: Keep-Alive
                                                              User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                                                              Host: assets-usa.mkt.dynamics.com
                                                              2024-10-29 04:57:11 UTC512INHTTP/1.1 200 OK
                                                              Date: Tue, 29 Oct 2024 04:57:11 GMT
                                                              Content-Type: image/jpeg
                                                              Content-Length: 12486
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              x-ms-trace-id: bf4edf6e7e11f75f57b424286da859b2
                                                              Strict-Transport-Security: max-age=2592000; preload
                                                              x-content-type-options: nosniff
                                                              x-azure-ref: 20241029T045711Z-r197bdfb6b4qbfppwgs4nqza8000000004ng00000000abyd
                                                              x-fd-int-roxy-purgeid: 78362346
                                                              X-Cache-Info: L2_T2
                                                              X-Cache: TCP_REMOTE_HIT
                                                              Cache-Control: public, max-age=2592000
                                                              Accept-Ranges: bytes
                                                              2024-10-29 04:57:11 UTC12486INData Raw: ff d8 ff e1 03 81 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 91 87 69 00 04 00 00 00 01 00 00 00 a8 00 00 00 d4 00 2d c6 c0 00 00 27 10 00 2d c6 c0 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 33 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 30 3a 31 37 20 31 36 3a 34 31 3a 30 39 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 1e a0 03 00 04 00 00 00 01 00 00 00 1e 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 05 00 00 00 01 00 00 01 22 01 1b 00 05 00
                                                              Data Ascii: ExifMM*bj(1r2i-'-'Adobe Photoshop 25.3 (Windows)2024:10:17 16:41:09"


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              5192.168.2.74997013.107.246.454437568C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-29 04:57:11 UTC255OUTGET /af245e55-1cec-4b74-8ba0-9aee54389d5f/digitalassets/images/059dee09-8e8c-ef11-ac21-6045bdd88425?ts=638647695186496666 HTTP/1.1
                                                              Connection: Keep-Alive
                                                              User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                                                              Host: assets-usa.mkt.dynamics.com
                                                              2024-10-29 04:57:11 UTC512INHTTP/1.1 200 OK
                                                              Date: Tue, 29 Oct 2024 04:57:11 GMT
                                                              Content-Type: image/jpeg
                                                              Content-Length: 13059
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              x-ms-trace-id: 48fd91e81691ca27a202ce4f07273b12
                                                              Strict-Transport-Security: max-age=2592000; preload
                                                              x-content-type-options: nosniff
                                                              x-azure-ref: 20241029T045711Z-15b8d89586fzcfbd8we4bvhqds00000000z0000000009dbs
                                                              x-fd-int-roxy-purgeid: 78362346
                                                              X-Cache-Info: L2_T2
                                                              X-Cache: TCP_REMOTE_HIT
                                                              Cache-Control: public, max-age=2592000
                                                              Accept-Ranges: bytes
                                                              2024-10-29 04:57:11 UTC13059INData Raw: ff d8 ff e1 03 74 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 91 87 69 00 04 00 00 00 01 00 00 00 a8 00 00 00 d4 00 2d c6 c0 00 00 27 10 00 2d c6 c0 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 33 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 30 3a 31 37 20 31 36 3a 34 31 3a 35 34 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 1e a0 03 00 04 00 00 00 01 00 00 00 1e 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 05 00 00 00 01 00 00 01 22 01 1b 00 05 00
                                                              Data Ascii: tExifMM*bj(1r2i-'-'Adobe Photoshop 25.3 (Windows)2024:10:17 16:41:54"


                                                              Statistics

                                                              CPU Usage

                                                              Click to jump to process

                                                              Memory Usage

                                                              Click to jump to process

                                                              High Level Behavior Distribution

                                                              Click to dive into process behavior distribution

                                                              Behavior

                                                              Click to jump to process

                                                              System Behavior

                                                              General

                                                              Target ID:0
                                                              Start time:00:56:27
                                                              Start date:29/10/2024
                                                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
                                                              Imagebase:0x220000
                                                              File size:34'446'744 bytes
                                                              MD5 hash:91A5292942864110ED734005B7E005C0
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              General

                                                              Target ID:2
                                                              Start time:00:56:32
                                                              Start date:29/10/2024
                                                              Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A2E811BA-8EE8-4D9B-B294-2324B35EC9D9" "9DC555F0-4DDE-45D0-8693-5EC74425237E" "7568" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                              Imagebase:0x7ff70b5f0000
                                                              File size:710'048 bytes
                                                              MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Disassembly

                                                              No disassembly