Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0.eml
Analysis ID:1545419
MD5:f7d379660cb12c8b8e6bb1781405ace0
SHA1:921f525ae5ac591b54f1895305cf6e68f2c6b72c
SHA256:e4a6b887fdf894a7033231b4980ad457d8c6f179710f6b6d035f864fd13bec39
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Detected suspicious crossdomain redirect
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 2900 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3948 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "45854816-28C8-43AE-B3A1-5B9CB7FCBAD7" "FD07CE83-88CA-4AAB-98D5-8B666B516E2F" "2900" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 676 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\CoC- _.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6232 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 1576 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,2850293778313205684,17181352970453802899,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 4976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__http:/www.siemens.co.in/STS__;!!I_DbfM1H!AjGI2sfLm_pi02LFMHdVXfhDyY6ofvT-HghH4SPU0JomjiizbnHNsjCNBzHkgiUlGLWiiEuz9pw8wZJiOUq_7luqeQ$ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1804,i,11570297093855634459,16413912245633909466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • HxOutlook.exe (PID: 7284 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • HxAccounts.exe (PID: 3052 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2900, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Outlook Security Settings Updated - Registry
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2900, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: urldefense.com to http://www.siemens.co.in/sts
Source: global trafficHTTP traffic detected: GET /ab?clientId=B5786FF8-3453-4616-B94D-5348C714CD0F HTTP/1.1X-OfficeApp-BuildVersion: 16.0.11629.20316Accept-Encoding: gzip, deflateX-OfficeApp-Platform: universalX-OfficeApp-Language: en-CHX-OutlookMobile-Architecture: x64X-OutlookMobile-BuildFlavor: shipX-OutlookMobile-Environment: ProductionX-OfficeApp-MsoVersion: 10.0.19045X-OutlookMobile-HxServiceAccounts: NoneContent-Length: 0Content-Encoding: gzipHost: outlookmobile-office365-tas.msedge.netConnection: Keep-AliveCache-Control: no-cache
Source: Joe Sandbox ViewIP Address: 13.32.27.94 13.32.27.94
Source: Joe Sandbox ViewIP Address: 52.71.28.102 52.71.28.102
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4o16CG2dFkhrV+L&MD=fhyU57l+ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4o16CG2dFkhrV+L&MD=fhyU57l+ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /ab?clientId=B5786FF8-3453-4616-B94D-5348C714CD0F HTTP/1.1X-OfficeApp-BuildVersion: 16.0.11629.20316Accept-Encoding: gzip, deflateX-OfficeApp-Platform: universalX-OfficeApp-Language: en-CHX-OutlookMobile-Architecture: x64X-OutlookMobile-BuildFlavor: shipX-OutlookMobile-Environment: ProductionX-OfficeApp-MsoVersion: 10.0.19045X-OutlookMobile-HxServiceAccounts: NoneContent-Length: 0Content-Encoding: gzipHost: outlookmobile-office365-tas.msedge.netConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /settings/v2.0/office/olx?app=microsoft.windowscommunicationsapps&appVer=16.0.11629.20316&locale=en-CH&os=WINDOWS&osVer=10.0.19045&deviceClass=Windows.Desktop&deviceId=B5786FF8-3453-4616-B94D-5348C714CD0F&ring=7 HTTP/1.1Accept: */*User-Agent: microsoft.windowscommunicationsappsAccept-Language: en-CHAccept-Encoding: gzip, deflate, brHost: settings.data.microsoft.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /v3/__http:/www.siemens.co.in/STS__;!!I_DbfM1H!AjGI2sfLm_pi02LFMHdVXfhDyY6ofvT-HghH4SPU0JomjiizbnHNsjCNBzHkgiUlGLWiiEuz9pw8wZJiOUq_7luqeQ$ HTTP/1.1Host: urldefense.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /STS HTTP/1.1Host: www.siemens.co.inConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /STS HTTP/1.1Host: www.siemens.co.inConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: urldefense.com
Source: global trafficDNS traffic detected: DNS query: www.siemens.co.in
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 77EC63BDA74BD0D0E0426DC8F80085060.12.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://test-exp-s2s.msedge.net/ab/
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://test-exp-s2s.msedge.net/ab/c780dddc8-18a1-5781-895a-a690464fa89c
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://test-exp-s2s.msedge.net/ab/cacheFileFullNotificationPercentagehttp://test-exp-s2s.msedge.net/
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://test-exp-s2s.msedge.net/ab/ccacheFileFullNotificationPercentagecacheMemoryFullNotificationPer
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://test-exp-s2s.msedge.net/ab/ge780dddc8-18a1-5781-895a-a690464fa89c780dddc8-18a1-5781-895a-a690
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 2D85F72862B55C4EADD9E66E06947F3D0.12.drString found in binary or memory: http://x1.i.lencr.org/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.aadrm.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.aadrm.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.cortana.ai
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.diagnostics.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.microsoftstream.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.office.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.onedrive.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://api.scheduler.
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmp, 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://apis.live.net/v5.0/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://app.powerbi.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://augloop.office.com
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://augloop.office.com/v2
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: HxAccounts.exe, 00000016.00000002.2030228403.0000026264A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az804205.vo.msecnd.net/
Source: HxAccounts.exe, 00000016.00000002.2030228403.0000026264A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az804205.vo.msecnd.net/f
Source: HxAccounts.exe, 00000016.00000002.2030228403.0000026264A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az815563.vo.msecnd.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://canary.designerapp.
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.entity.
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 4c3d840b-cbb5-4d41-a225-1a2788ce0f4a.tmp.13.dr, 6077c4dc-d1d5-478b-b492-c186eb595f2b.tmp.13.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://clients.config.office.net
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://clients.config.office.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.com/config/v1/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.com/config/v1/standardprotectionsadvancedprotections
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.net/config/v1/
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.net/config/v1/blocklowlabelimageloads
Source: HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.net/config/v1/https://config.edge.skype.net/config/v1/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cortana.ai
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cortana.ai/api
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://cr.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://d.docs.live.net
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://dataservice.o365filtering.com
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://designerapp.azurewebsites.net
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://designerappservice.officeapps.live.com
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://dev.cortana.ai
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://devnull.onenote.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://directory.services.
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ecs.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://edge.skype.com/registrar/prod
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://edge.skype.com/rps
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://graph.ppe.windows.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://graph.ppe.windows.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://graph.windows.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://graph.windows.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ic3.teams.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://invites.office.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://lifecycle.office.com
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ImmersiveShellBroker
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://login.microsoftonline.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://login.microsoftonline.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://login.microsoftonline.com/organizations
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmp, OUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etl.1.dr, 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://login.windows.local
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local/
Source: OUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etl.1.drString found in binary or memory: https://login.windows.localR
Source: OUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etl.1.drString found in binary or memory: https://login.windows.localnull
Source: OUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etl.1.drString found in binary or memory: https://login.windows.localnullD
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://make.powerautomate.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://management.azure.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://management.azure.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messaging.action.office.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messaging.engagement.office.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://messaging.office.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://mss.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ncus.contentsync.
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ncus.pagecontentsync.
Source: HxAccounts.exe, 00000016.00000002.2030260718.0000026264A13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nexus.officeapps.live.com
Source: HxAccounts.exe, 00000016.00000002.2030260718.0000026264A13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nexusrules.officeapps.live.comF
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://notification.m365.svc.cloud.microsoft/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://officeapps.live.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://officepyservice.office.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://onedrive.live.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://otelrules.azureedge.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://outlook.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://outlook.office.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://outlook.office365.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://outlook.office365.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://powerlift.acompli.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://res.cdn.office.net
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://service.powerapps.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://settings.outlook.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://staging.cortana.ai
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://substrate.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://tasks.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: phish_alert_sp2_2.0.0.0.eml, ~WRS{9142C685-306D-4D33-BE82-CC431361D9AF}.tmp.1.drString found in binary or memory: https://urldefense.com/v3/__http://www.siemens.co.in/STS__;
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://webshell.suite.office.com
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://wus2.contentsync.
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drString found in binary or memory: https://www.yammer.com
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com/
Source: HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com5P
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownHTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: classification engineClassification label: mal48.winEML@35/72@9/5
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "45854816-28C8-43AE-B3A1-5B9CB7FCBAD7" "FD07CE83-88CA-4AAB-98D5-8B666B516E2F" "2900" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\CoC- _.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,2850293778313205684,17181352970453802899,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__http:/www.siemens.co.in/STS__;!!I_DbfM1H!AjGI2sfLm_pi02LFMHdVXfhDyY6ofvT-HghH4SPU0JomjiizbnHNsjCNBzHkgiUlGLWiiEuz9pw8wZJiOUq_7luqeQ$
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1804,i,11570297093855634459,16413912245633909466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "45854816-28C8-43AE-B3A1-5B9CB7FCBAD7" "FD07CE83-88CA-4AAB-98D5-8B666B516E2F" "2900" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\CoC- _.pdf"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__http:/www.siemens.co.in/STS__;!!I_DbfM1H!AjGI2sfLm_pi02LFMHdVXfhDyY6ofvT-HghH4SPU0JomjiizbnHNsjCNBzHkgiUlGLWiiEuz9pw8wZJiOUq_7luqeQ$Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,2850293778313205684,17181352970453802899,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1804,i,11570297093855634459,16413912245633909466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: microsoft.applications.telemetry.windows.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msoimm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso40uiimm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso30imm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso20imm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.core.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.word.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso50imm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.model.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.applicationdata.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxcomm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.applicationmodel.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.globalization.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositorycore.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.connectivity.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.hostname.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.energy.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rometadata.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.view.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxshared.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.viewmodel.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: clipc.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.resources.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mrmcorer.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryclient.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uiamanager.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.core.textinput.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profext.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hx.mail.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: threadpoolwinrt.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.graphics.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxcalendar.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.controls.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.remotedesktop.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winsta.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: directmanipulation.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.systemid.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.retailinfo.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msxml6.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winrttracing.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: photometadatahandler.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ploptin.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataaccountapis.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.accountscontrol.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: accountsrt.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: aphostclient.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: webservices.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: apphelp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.model.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: microsoft.applications.telemetry.windows.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso30imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47langs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dcomp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textinputframework.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: inputhost.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: propsys.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: urlmon.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: netutils.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxgi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: office.ui.xaml.hxaccounts.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d11.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.applicationdata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d10warp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d2d1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxcomm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptsp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dwrite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textshaping.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.hostname.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.energy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wldp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rometadata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mrmcorer.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.accountscontrol.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: xmllite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vaultcli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.controls.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: userenv.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profext.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: directmanipulation.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: winrttracing.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.resources.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msftedit.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: globinputhost.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.graphics.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wuceffects.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: threadpoolwinrt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dwmapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: execmodelclient.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
Source: Google Drive.lnk.23.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.23.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.23.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.23.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.23.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.23.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior

Persistence and Installation Behavior

barindex
AI detected landing page (webpage, office document or email)
Source: PDF documentLLM: PDF document contains prominent button: 'click here to view document'
AI detected potential phishing Email
Source: EmailLLM: Detected potential phishing email: The email uses urgent language and threats of account blocking to create pressure
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe TID: 5208Thread sleep count: 157 > 30Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe TID: 5208Thread sleep count: 37 > 30Jump to behavior
Source: settings.dat.18.drBinary or memory string: VMware, Inc. VMware20,1?O
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation2
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Modify Registry		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Process Injection		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture4
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets13
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1545419 Sample: phish_alert_sp2_2.0.0.0.eml Startdate: 30/10/2024 Architecture: WINDOWS Score: 48 40 x1.i.lencr.org 2->40 42 www.siemens.co.in 2->42 44 2 other IPs or domains 2->44 52 AI detected potential phishing Email 2->52 54 AI detected landing page (webpage, office document or email) 2->54 9 OUTLOOK.EXE 508 150 2->9         started        12 HxOutlook.exe 48 18 2->12         started        14 HxAccounts.exe 2->14         started        signatures3 process4 file5 30 C:\...\~Outlook Data File - NoEmail.pst.tmp, data 9->30 dropped 32 C:\Users\...\Outlook Data File - NoEmail.pst, Microsoft 9->32 dropped 34 C:\Users\user\AppData\Roaming\...34oEmail.srs, Composite 9->34 dropped 16 chrome.exe 9->16         started        19 Acrobat.exe 63 9->19         started        21 ai.exe 9->21         started        process6 dnsIp7 36 192.168.2.16, 138, 443, 49707 unknown unknown 16->36 38 239.255.255.250 unknown Reserved 16->38 23 chrome.exe 16->23         started        26 AcroCEF.exe 108 19->26         started        process8 dnsIp9 46 www.google.com 142.250.185.100, 443, 49736 GOOGLEUS United States 23->46 48 d3cvvob82dpuhl.cloudfront.net 13.32.27.94, 443, 49734, 49738 ATT-INTERNET4US United States 23->48 50 2 other IPs or domains 23->50 28 AcroCEF.exe 6 26->28         started        process10

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://shell.suite.office.com:14430%URL Reputationsafe
https://designerapp.azurewebsites.net0%URL Reputationsafe
https://autodiscover-s.outlook.com/0%URL Reputationsafe
https://useraudit.o365auditrealtimeingestion.manage.office.com0%URL Reputationsafe
https://outlook.office365.com/connectors0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%URL Reputationsafe
https://cdn.entity.0%URL Reputationsafe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%URL Reputationsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
https://lookup.onenote.com/lookup/geolocation/v10%URL Reputationsafe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
https://api.aadrm.com/0%URL Reputationsafe
https://canary.designerapp.0%URL Reputationsafe
https://www.yammer.com0%URL Reputationsafe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%URL Reputationsafe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0%URL Reputationsafe
https://cr.office.com0%URL Reputationsafe
https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
https://edge.skype.com/registrar/prod0%URL Reputationsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
https://tasks.office.com0%URL Reputationsafe
https://officeci.azurewebsites.net/api/0%URL Reputationsafe
https://store.office.cn/addinstemplate0%URL Reputationsafe
https://edge.skype.com/rps0%URL Reputationsafe
https://messaging.engagement.office.com/0%URL Reputationsafe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://www.odwebp.svc.ms0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/groups0%URL Reputationsafe
https://web.microsoftstream.com/video/0%URL Reputationsafe
https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
https://graph.windows.net0%URL Reputationsafe
https://consent.config.office.com/consentcheckin/v1.0/consents0%URL Reputationsafe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%URL Reputationsafe
https://safelinks.protection.outlook.com/api/GetPolicy0%URL Reputationsafe
https://ncus.contentsync.0%URL Reputationsafe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%URL Reputationsafe
http://weather.service.msn.com/data.aspx0%URL Reputationsafe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%URL Reputationsafe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%URL Reputationsafe
https://mss.office.com0%URL Reputationsafe
https://pushchannel.1drv.ms0%URL Reputationsafe
https://wus2.contentsync.0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/ios0%URL Reputationsafe
https://api.addins.omex.office.net/api/addins/search0%URL Reputationsafe
https://outlook.office365.com/api/v1.0/me/Activities0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/android/policies0%URL Reputationsafe
https://entitlement.diagnostics.office.com0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json0%URL Reputationsafe
https://login.microsoftonline.com0%URL Reputationsafe
https://substrate.office.com/search/api/v1/SearchHistory0%URL Reputationsafe
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation0%URL Reputationsafe
https://service.powerapps.com0%URL Reputationsafe
https://graph.windows.net/0%URL Reputationsafe
https://devnull.onenote.com0%URL Reputationsafe
https://messaging.office.com/0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing0%URL Reputationsafe
https://skyapi.live.net/Activity/0%URL Reputationsafe
http://x1.i.lencr.org/0%URL Reputationsafe
https://messaging.action.office.com/setcampaignaction0%URL Reputationsafe
https://visio.uservoice.com/forums/368202-visio-on-devices0%URL Reputationsafe
https://staging.cortana.ai0%URL Reputationsafe
https://augloop.office.com0%URL Reputationsafe
https://api.diagnosticssdf.office.com/v2/file0%URL Reputationsafe
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory0%URL Reputationsafe
https://officepyservice.office.net/0%URL Reputationsafe
https://api.diagnostics.office.com0%URL Reputationsafe
https://store.office.de/addinstemplate0%URL Reputationsafe
https://wus2.pagecontentsync.0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/datasets0%URL Reputationsafe
https://cortana.ai/api0%URL Reputationsafe
https://api.diagnosticssdf.office.com0%URL Reputationsafe
https://login.microsoftonline.com/0%URL Reputationsafe
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0%URL Reputationsafe
https://api.addins.omex.office.net/appinfo/query0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/tenantassociationkey0%URL Reputationsafe
https://powerlift.acompli.net0%URL Reputationsafe
https://cortana.ai0%URL Reputationsafe
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/imports0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		unknown
    urldefense.com
    		52.71.28.102
    		truefalse
      		unknown
      www.google.com
      		142.250.185.100
      		truefalse
        		unknown
        d3cvvob82dpuhl.cloudfront.net
        		13.32.27.94
        		truefalse
          		unknown
          x1.i.lencr.org
          		unknown
          		unknownfalse
            		unknown
            www.siemens.co.in
            		unknown
            		unknownfalse
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://urldefense.com/v3/__http:/www.siemens.co.in/STS__;!!I_DbfM1H!AjGI2sfLm_pi02LFMHdVXfhDyY6ofvT-HghH4SPU0JomjiizbnHNsjCNBzHkgiUlGLWiiEuz9pw8wZJiOUq_7luqeQ$false
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://shell.suite.office.com:144307110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                • URL Reputation: safe
                		unknown
                https://designerapp.azurewebsites.net07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                • URL Reputation: safe
                		unknown
                https://autodiscover-s.outlook.com/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                • URL Reputation: safe
                		unknown
                https://useraudit.o365auditrealtimeingestion.manage.office.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                • URL Reputation: safe
                		unknown
                https://outlook.office365.com/connectors07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                • URL Reputation: safe
                		unknown
                https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                • URL Reputation: safe
                		unknown
                https://cdn.entity.C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                • URL Reputation: safe
                		unknown
                https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                • URL Reputation: safe
                		unknown
                https://login.windows.localnullOUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etl.1.drfalse
                  		unknown
                  https://rpsticket.partnerservices.getmicrosoftkey.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://lookup.onenote.com/lookup/geolocation/v107110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://config.edge.skype.net/config/v1/https://config.edge.skype.net/config/v1/HxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://api.aadrm.com/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://canary.designerapp.07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.yammer.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.microsoftstream.com/api/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                      		unknown
                      https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://cr.office.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://messagebroker.mobile.m365.svc.cloud.microsoft07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://otelrules.svc.static.microsoft07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                        		unknown
                        https://edge.skype.com/registrar/prod07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://res.getmicrosoftkey.com/api/redemptionevents07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://tasks.office.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://login.windows.localROUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etl.1.drfalse
                          		unknown
                          https://officeci.azurewebsites.net/api/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://my.microsoftpersonalcontent.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            		unknown
                            https://store.office.cn/addinstemplate07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://edge.skype.com/rps07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://messaging.engagement.office.com/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.odwebp.svc.ms07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://api.powerbi.com/v1.0/myorg/groups07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://web.microsoftstream.com/video/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://api.addins.store.officeppe.com/addinstemplate07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://graph.windows.net07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://login.windows.localnullDOUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etl.1.drfalse
                              		unknown
                              https://consent.config.office.com/consentcheckin/v1.0/consents07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://notification.m365.svc.cloud.microsoft/PushNotifications.Register07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                		unknown
                                https://xsts.auth.xboxlive.com5PHxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://d.docs.live.net07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    		unknown
                                    https://safelinks.protection.outlook.com/api/GetPolicy07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://ncus.contentsync.07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://weather.service.msn.com/data.aspx07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://mss.office.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://pushchannel.1drv.ms07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://xsts.auth.xboxlive.com/HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://wus2.contentsync.07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://clients.config.office.net/user/v1.0/iosC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://api.addins.omex.office.net/api/addins/search07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://xsts.auth.xboxlive.comHxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://outlook.office365.com/api/v1.0/me/Activities07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://clients.config.office.net/user/v1.0/android/policiesC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://entitlement.diagnostics.office.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://outlook.office.com/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                          		unknown
                                          https://storage.live.com/clientlogs/uploadlocation07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                            		unknown
                                            https://login.microsoftonline.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://substrate.office.com/search/api/v1/SearchHistory07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://clients.config.office.net/c2r/v1.0/InteractiveInstallation07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://service.powerapps.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://graph.windows.net/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://devnull.onenote.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://messaging.office.com/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://config.edge.skype.net/config/v1/blocklowlabelimageloadsHxAccounts.exe, 00000016.00000002.2030314433.0000026264A27000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://skyapi.live.net/Activity/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.12.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://api.cortana.aiC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                		unknown
                                                https://messaging.action.office.com/setcampaignaction07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://visio.uservoice.com/forums/368202-visio-on-devices07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://staging.cortana.aiC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://onedrive.live.com/embed?07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                  		unknown
                                                  https://augloop.office.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://api.diagnosticssdf.office.com/v2/fileC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://login.windows.local/HxAccounts.exe, 00000016.00000002.2032628220.000002626BE90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://officepyservice.office.net/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://api.diagnostics.office.comC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://store.office.de/addinstemplate07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://wus2.pagecontentsync.07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://api.powerbi.com/v1.0/myorg/datasets07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://cortana.ai/apiC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://api.diagnosticssdf.office.com07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://login.microsoftonline.com/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://api.addins.omex.office.net/appinfo/query07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://clients.config.office.net/user/v1.0/tenantassociationkeyC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://powerlift.acompli.net07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://cortana.aiC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://api.powerbi.com/v1.0/myorg/importsC9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://notification.m365.svc.cloud.microsoft/07110881-6EE1-4F10-BBD4-D91FD1D9288F.18.dr, C9A5A8AA-5019-4F3A-A07D-8788A38DF98E.1.drfalse
                                                      		unknown

                                                      World Map of Contacted IPs

                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs

                                                      Public IPs

                                                      IPDomainCountryFlagASNASN NameMalicious
                                                      13.32.27.94
                                                      		d3cvvob82dpuhl.cloudfront.netUnited States
                                                      		7018ATT-INTERNET4USfalse
                                                      52.71.28.102
                                                      		urldefense.comUnited States
                                                      		14618AMAZON-AESUSfalse
                                                      142.250.185.100
                                                      		www.google.comUnited States
                                                      		15169GOOGLEUSfalse
                                                      239.255.255.250
                                                      		unknownReserved
                                                      		unknownunknownfalse

                                                      Private

                                                      IP
                                                      192.168.2.16

                                                      General Information

                                                      Joe Sandbox version:41.0.0 Charoite
                                                      Analysis ID:1545419
                                                      Start date and time:2024-10-30 14:40:35 +01:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 5m 21s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:26
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:phish_alert_sp2_2.0.0.0.eml
                                                      Detection:MAL
                                                      Classification:mal48.winEML@35/72@9/5
                                                      EGA Information:Failed
                                                      HCA Information:
                                                      • Successful, ratio: 100%
                                                      • Number of executed functions: 0
                                                      • Number of non-executed functions: 0
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .eml

                                                      Warnings

                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, HxTsr.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                      • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 2.19.85.159, 52.109.32.7, 2.19.126.151, 2.19.126.160, 52.111.231.24, 52.111.231.26, 52.111.231.25, 199.232.214.172, 52.182.143.215, 52.109.76.144, 184.28.88.176, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 162.159.61.3, 172.64.41.3, 2.23.197.184, 23.32.184.135, 2.19.126.143, 2.19.126.149, 93.184.221.240, 13.107.42.16, 142.250.184.227, 142.251.168.84, 142.250.186.78, 34.104.35.123
                                                      • Excluded domains from analysis (whitelisted): odc.officeapps.live.com, slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, acroipm2.adobe.com, clients2.google.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, l-0007.l-msedge.net, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, ecs.office.com, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, ssl.adobe.com.edgekey.net, nleditor.osi.office.net, outlookmobile-office365-tas.msedge.net, edgedl.me.gvt1.com, s-0005.s-msedge.net, settings.data.microsoft.com, ecs.office.trafficmanager.net, clients.l.google.com, geo2.adobe.com, europe.configsvc1.live.com.akadns.net, omex.cdn.office.net, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ne
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                      • Report size getting too big, too many NtOpenKey calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                      • Report size getting too big, too many NtSetValueKey calls found.
                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                      • VT rate limit hit for: phish_alert_sp2_2.0.0.0.eml

                                                      Simulations

                                                      Behavior and APIs

                                                      TimeTypeDescription
                                                      09:41:34API Interceptor2x Sleep call for process: AcroCEF.exe modified

                                                      LLM Input / Output

                                                      Joe Sandbox View / Context

                                                      IPs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      13.32.27.94https://replybb.wixstudio.io/my-siteGet hashmaliciousUnknownBrowse
                                                        https://www.thefirsthbcu.com/Get hashmaliciousHTMLPhisherBrowse
                                                          https://www.instagram.com/greymatterconcepts/?hl=enGet hashmaliciousUnknownBrowse
                                                            Wire-transaction073921.exeGet hashmaliciousSilverRatBrowse
                                                              https://myallsouth.com/privacy-policy/Get hashmaliciousUnknownBrowse
                                                                https://seismic.com/products/aura-copilot/Get hashmaliciousUnknownBrowse
                                                                  http://microsoftsatutalenta.vfairs.com/en/registration-form/Get hashmaliciousUnknownBrowse
                                                                    http://ss1.us/a/4Y56S54fGet hashmaliciousHTMLPhisherBrowse
                                                                      52.71.28.102Fw Fw EMAIL VALIDATION.msgGet hashmaliciousHTMLPhisherBrowse
                                                                        attachment (15).emlGet hashmaliciousUnknownBrowse
                                                                          2024-09-09 Allstate MSP Schedule page.htmlGet hashmaliciousUnknownBrowse
                                                                            https://urldefense.com/v3/__https:/www.tiktok.com/**Clink/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com.**Camp*s**Cc**At**Ah**B.**Av**An*.dev*vzQIRsw2*ZGpvcmRhbkBtaWRvcmVnb24uY29t=$**B__;Ly8vLy8vLy8vL-KAi8Ktwq3igIvCrcKtLy8v44CC!!OyaRKFsH3g!mcXflt2ERl_n86iMStwZCC0oNlPS7qCRUYbOyyXmqXMA34z5dHKQFBCDcaHd8yq-0z2MCnm8nnlvLnUhRQ$Get hashmaliciousHTMLPhisherBrowse
                                                                              FW_ SLS properties Credit application.msgGet hashmaliciousUnknownBrowse
                                                                                https://shared.outlook.inky.com/link?domain=urldefense.proofpoint.com&t=h.eJxdkE1TgzAYhP-Kw4GTLYSPBjrDaC3Wj0Iram31wiBJkBaSEAKIjv_d0oMHb---u_PszH4rjSiU6ZnyISWvp5p2lAgTTGs85oIxwllO5ThlpdYag3nReKfoyJzFMceMF7juKRZZjodULEseq8jzu3CRRGrq4ebmrZZp8uwXRZuX1yvnHe53oqvWZNTas3iOeEZfSJ6HoSq8rQ2D2x2bbx8tbKysTWv6b19PM74Ck-px9B6t73NUrXYb0WVq6e39SEQ3h9j6cLrFIgLVchM_xLgJpG8G_WTmb5Af0O3nYhuGsAp9uS-NXXVVtdd51Aa6qdZeCLJ2FGV395IHYXcQa6tPno3CYfDztdHnd6_LeW_21cuXo6vYU87PlMOwFsWSiYxICKFhuq6WEZHQA2FCXv5dCUU1o_VpuwS4gLhoMkEWcAyiIxumpgF1ABNTR8DSwJFjO8C23DF0hxo81JxYl6nEKMNdIrEYYIOLBvf__-cXvb2YkA.MEYCIQDlWYmC9YWqLwzGo1_Uz-5wC3tKqjhwYdDjRwRlhUS1MgIhAIacU_ZjLEOwuLoud4iCkwdAfjTkcppBULGpCRVOxW_PGet hashmaliciousHTMLPhisherBrowse
                                                                                  https://dw8.taxsolutions.spglobal.com/FATCADW8DB/DW8WebClientProd/SecurityModule/Register.aspxGet hashmaliciousUnknownBrowse
                                                                                    EXTERNAL Action required.msgGet hashmaliciousUnknownBrowse
                                                                                      http://info.ipreo.com/Privacy-Policy.htmlGet hashmaliciousUnknownBrowse
                                                                                        securedoc_20240521T074217.htmlGet hashmaliciousUnknownBrowse
                                                                                          239.255.255.250https://www.google.im/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s/cristorei.neemo.com.br/yaya/aALPghQuwJ38KMxdobOJdzxm/YW50b25lbGxhLmNvc3RhQGVzYS5pbnQ=Get hashmaliciousTycoon2FABrowse
                                                                                            http://1lyiqb.recodifyphone.net/#john.smith@ups.comGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                https://web1.zixmail.net/s/e?b=nbcbanking&m=ABAMge5ZjJnSt1fFBYAoMznp&em=shawna%40lakesuperiormarketing.comGet hashmaliciousUnknownBrowse
                                                                                                  http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWEGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                    https://joseordenes.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TUZCc01WYz0mdWlkPVVTRVIyODEwMjAyNFUxOTEwMjgxMA==N0123N%5BEMAIL%5DGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                      http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWEGet hashmaliciousUnknownBrowse
                                                                                                        https://storage.googleapis.com/inbound-mail-attachments-prod/5e015eec-2063-4653-b543-a2fdc4c2725e?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1761388993&Signature=Oqe%2BJFHcrdG7YCkrE3C6Zz6OLCYLhBuVvPPylkjCYGmey41qx66XjqVVSGCLAMzo5SzdjLX9iaWGDKggE5%2BSVyTp%2B4Pp9hiCYEhCbzJzRObttu74xvBHPG1HUvGwyhKfE3KbJMo6s3eIKayqjRRl9ive1ntsdNaFkXskMlbkDDitCjrgmc09BMh3GNgCZmS%2B%2F6W4Hs1%2FBX1s3JEpbIGaBotrI7KKcK%2Bk0eqEvy1FwgCCaSUDTZl1b6RyonBWqWQVoOT9UDFVSH5CfVKF4DfFfka0acdeYb2Y34WyRy8cCZlWDImJo52Hcg2wugU%2BJragJQbGJ2SdK6G4yy3Ak%2BGX%2FQ%3D%3DGet hashmaliciousUnknownBrowse
                                                                                                          https://storage.googleapis.com/inbound-mail-attachments-prod/e5020188-2749-47cf-83bf-a0b2cfddec50?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1761388993&Signature=IYvTnHOaJB29ajuWwRzQZcQU4rHZgE4%2B0wJhDBuFNmuqKnq%2FuPwCZP2MuJNgfzc77Ulb%2FJD3hwjlmSZShLzm0rPz6kKzhOLxOsUrI2XaeGtr6VKv39d0yW57ZIaLvLuZqvMWrfmHg%2BzUtv%2BcuDdwfra8VzLrHRqbhPzwLmtaXc5jZiVHr4MEAQCaBOGAv%2B6DE6yQ7c%2FlukBVx7jSavZDJXhjDk6sOF%2BQSM%2FK%2FuwwWji%2BW4LjRMFJenK4rl5ERz3yHGgV62NnKzG9uQEgFU1Iv%2B0bvdTtYnW7CWjAkQzlPAI6yDTeVaqoZiiX%2FlEIegTw1eda8%2FOtpMB8OmgtqhxecQ%3D%3DGet hashmaliciousUnknownBrowse
                                                                                                            401K .pdfGet hashmaliciousHTMLPhisherBrowse

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              bg.microsoft.map.fastly.nethttp://wesiakkaernten.fibery.io/@public/forms/gBNXdAWEGet hashmaliciousUnknownBrowse
                                                                                                              • 199.232.210.172
                                                                                                              wKj1CBkbos.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                              • 199.232.214.172
                                                                                                              https://storage.googleapis.com/inbound-mail-attachments-prod/5e015eec-2063-4653-b543-a2fdc4c2725e?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1761388993&Signature=Oqe%2BJFHcrdG7YCkrE3C6Zz6OLCYLhBuVvPPylkjCYGmey41qx66XjqVVSGCLAMzo5SzdjLX9iaWGDKggE5%2BSVyTp%2B4Pp9hiCYEhCbzJzRObttu74xvBHPG1HUvGwyhKfE3KbJMo6s3eIKayqjRRl9ive1ntsdNaFkXskMlbkDDitCjrgmc09BMh3GNgCZmS%2B%2F6W4Hs1%2FBX1s3JEpbIGaBotrI7KKcK%2Bk0eqEvy1FwgCCaSUDTZl1b6RyonBWqWQVoOT9UDFVSH5CfVKF4DfFfka0acdeYb2Y34WyRy8cCZlWDImJo52Hcg2wugU%2BJragJQbGJ2SdK6G4yy3Ak%2BGX%2FQ%3D%3DGet hashmaliciousUnknownBrowse
                                                                                                              • 199.232.210.172
                                                                                                              https://storage.googleapis.com/inbound-mail-attachments-prod/e5020188-2749-47cf-83bf-a0b2cfddec50?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1761388993&Signature=IYvTnHOaJB29ajuWwRzQZcQU4rHZgE4%2B0wJhDBuFNmuqKnq%2FuPwCZP2MuJNgfzc77Ulb%2FJD3hwjlmSZShLzm0rPz6kKzhOLxOsUrI2XaeGtr6VKv39d0yW57ZIaLvLuZqvMWrfmHg%2BzUtv%2BcuDdwfra8VzLrHRqbhPzwLmtaXc5jZiVHr4MEAQCaBOGAv%2B6DE6yQ7c%2FlukBVx7jSavZDJXhjDk6sOF%2BQSM%2FK%2FuwwWji%2BW4LjRMFJenK4rl5ERz3yHGgV62NnKzG9uQEgFU1Iv%2B0bvdTtYnW7CWjAkQzlPAI6yDTeVaqoZiiX%2FlEIegTw1eda8%2FOtpMB8OmgtqhxecQ%3D%3DGet hashmaliciousUnknownBrowse
                                                                                                              • 199.232.214.172
                                                                                                              401K .pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 199.232.210.172
                                                                                                              Biocon-In-Service Agreement.pdfGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                              • 199.232.214.172
                                                                                                              https://draxcc.com/Get hashmaliciousUnknownBrowse
                                                                                                              • 199.232.210.172
                                                                                                              http://xn--gba7iaacaabba0ab51nca04ecacdad9203oearjjb191bfa.mkto-sj030022.comGet hashmaliciousUnknownBrowse
                                                                                                              • 199.232.210.172
                                                                                                              98761598741965.pdfGet hashmaliciousUnknownBrowse
                                                                                                              • 199.232.214.172
                                                                                                              http://timecode.com.ar/Webmail/2/Webmail/webmail.php?email=gc@virtualintelligencebriefing.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 199.232.210.172
                                                                                                              urldefense.comphish_alert_sp2_2.0.0.0 (1).emlGet hashmaliciousUnknownBrowse
                                                                                                              • 52.6.56.188
                                                                                                              Fw Fw EMAIL VALIDATION.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 52.71.28.102
                                                                                                              Fw_ Complete with Docusign_ J929272_SOW Extension_002_09-OCT-24_201415.pdf.emlGet hashmaliciousUnknownBrowse
                                                                                                              • 52.204.90.22
                                                                                                              attachment (15).emlGet hashmaliciousUnknownBrowse
                                                                                                              • 52.71.28.102
                                                                                                              SecureMessageAtt.htmlGet hashmaliciousUnknownBrowse
                                                                                                              • 52.6.56.188
                                                                                                              Seeking Assistance for Legal Assistance in a Medical Matter.msgGet hashmaliciousUnknownBrowse
                                                                                                              • 52.6.56.188
                                                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                              • 52.204.90.22
                                                                                                              MIDDLE EAST CARTON INDUSTRY.htmlGet hashmaliciousUnknownBrowse
                                                                                                              • 52.6.56.188
                                                                                                              2024-09-09 Allstate MSP Schedule page.htmlGet hashmaliciousUnknownBrowse
                                                                                                              • 52.71.28.102
                                                                                                              https://urldefense.com/v3/__https:/www.tiktok.com/**Clink/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com.**Camp*s**Cc**At**Ah**B.**Av**An*.dev*vzQIRsw2*ZGpvcmRhbkBtaWRvcmVnb24uY29t=$**B__;Ly8vLy8vLy8vL-KAi8Ktwq3igIvCrcKtLy8v44CC!!OyaRKFsH3g!mcXflt2ERl_n86iMStwZCC0oNlPS7qCRUYbOyyXmqXMA34z5dHKQFBCDcaHd8yq-0z2MCnm8nnlvLnUhRQ$Get hashmaliciousHTMLPhisherBrowse
                                                                                                              • 52.71.28.102

                                                                                                              ASNs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              ATT-INTERNET4USfile.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                              • 209.38.221.184
                                                                                                              LJSS65p4Kz.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 13.185.186.102
                                                                                                              W6Z9uSRsKQ.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 75.50.134.43
                                                                                                              wZU2edEGL3.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 108.254.96.86
                                                                                                              SuNMTBkfPo.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 172.126.55.218
                                                                                                              8v2IShmMos.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 70.245.246.214
                                                                                                              B6eg13TpEH.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 108.86.82.51
                                                                                                              vHnFyxemFf.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 99.49.173.221
                                                                                                              v6pwbOEUpl.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 108.84.118.225
                                                                                                              j3Lr4Fk7Kb.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 74.173.111.171
                                                                                                              AMAZON-AESUShttps://www.google.im/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s/cristorei.neemo.com.br/yaya/aALPghQuwJ38KMxdobOJdzxm/YW50b25lbGxhLmNvc3RhQGVzYS5pbnQ=Get hashmaliciousTycoon2FABrowse
                                                                                                              • 3.211.113.112
                                                                                                              Order pdf.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                              • 3.5.20.124
                                                                                                              Proforma Fatura ektedir.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                              • 3.5.16.19
                                                                                                              LJSS65p4Kz.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 44.221.131.90
                                                                                                              W6Z9uSRsKQ.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 54.55.230.199
                                                                                                              v6pwbOEUpl.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 54.54.116.215
                                                                                                              j3Lr4Fk7Kb.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 18.210.140.157
                                                                                                              Fatura, siparis onayi.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                              • 3.5.25.120
                                                                                                              belks.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 54.41.62.204
                                                                                                              http://mhmgc.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                              • 52.205.112.112

                                                                                                              JA3 Fingerprints

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              28a2c9bd18a11de089ef85a160da29e4file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWEGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              https://joseordenes.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TUZCc01WYz0mdWlkPVVTRVIyODEwMjAyNFUxOTEwMjgxMA==N0123N%5BEMAIL%5DGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWEGet hashmaliciousUnknownBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              https://storage.googleapis.com/inbound-mail-attachments-prod/5e015eec-2063-4653-b543-a2fdc4c2725e?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1761388993&Signature=Oqe%2BJFHcrdG7YCkrE3C6Zz6OLCYLhBuVvPPylkjCYGmey41qx66XjqVVSGCLAMzo5SzdjLX9iaWGDKggE5%2BSVyTp%2B4Pp9hiCYEhCbzJzRObttu74xvBHPG1HUvGwyhKfE3KbJMo6s3eIKayqjRRl9ive1ntsdNaFkXskMlbkDDitCjrgmc09BMh3GNgCZmS%2B%2F6W4Hs1%2FBX1s3JEpbIGaBotrI7KKcK%2Bk0eqEvy1FwgCCaSUDTZl1b6RyonBWqWQVoOT9UDFVSH5CfVKF4DfFfka0acdeYb2Y34WyRy8cCZlWDImJo52Hcg2wugU%2BJragJQbGJ2SdK6G4yy3Ak%2BGX%2FQ%3D%3DGet hashmaliciousUnknownBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              https://storage.googleapis.com/inbound-mail-attachments-prod/e5020188-2749-47cf-83bf-a0b2cfddec50?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1761388993&Signature=IYvTnHOaJB29ajuWwRzQZcQU4rHZgE4%2B0wJhDBuFNmuqKnq%2FuPwCZP2MuJNgfzc77Ulb%2FJD3hwjlmSZShLzm0rPz6kKzhOLxOsUrI2XaeGtr6VKv39d0yW57ZIaLvLuZqvMWrfmHg%2BzUtv%2BcuDdwfra8VzLrHRqbhPzwLmtaXc5jZiVHr4MEAQCaBOGAv%2B6DE6yQ7c%2FlukBVx7jSavZDJXhjDk6sOF%2BQSM%2FK%2FuwwWji%2BW4LjRMFJenK4rl5ERz3yHGgV62NnKzG9uQEgFU1Iv%2B0bvdTtYnW7CWjAkQzlPAI6yDTeVaqoZiiX%2FlEIegTw1eda8%2FOtpMB8OmgtqhxecQ%3D%3DGet hashmaliciousUnknownBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              401K .pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              Biocon-In-Service Agreement.pdfGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              https://draxcc.com/Get hashmaliciousUnknownBrowse
                                                                                                              • 4.175.87.197
                                                                                                              • 40.126.32.74
                                                                                                              6271f898ce5be7dd52b0fc260d0662b3http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWEGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              -Payout Salary Benefits.zipGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              https://forthedoglover.com/Ray-verify.htmlGet hashmaliciousUnknownBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              FW Complete with Docusign Remittance Advice .pdf.emlGet hashmaliciousUnknownBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              http://url5148.librariapena.com/ls/click?upn=u001.GicqFEndYG5aFpuN1ngPufTfXrsQ9xNlNirpytR4MM9aBsYYFODsiAPftWqmKpvrE6ff_B2fWkfszhSflnL0HA3FnQqEKk1HJkizy-2Fud2LEQeI5aha2K2G6ppF2O0bL7D7H7LMN8WGu5xRF2M8uaTM6MXf6DAMaADWmIUL1YqZWKrQh1g-2F0n0cxV2mRrNZEteUwfW5DOdClcZ0c7E-2FIhACBFYnzvVFSnfSt3CZCN7P1EL1QyPVm42KBQGCDp3btvtG-2BbRJha-2FOyJXx-2BDZbno3l2jsvw-2FwkacYeoKE0uINsamNbg0rV0A52QCvn7k6VYTShXjbi9u51Z787-2F01bX1DTA9aSBSP-2FWMLEspaU-2FIdc1x-2FmRDSh7t6BQtQAtVlDsdci-2FkdE5XEzXcy1T7RT1mRx0Z8c0C7T5TxNvH7MOJLp-2BPx4LTMm4cKm4w-2Br4av4rqX3sFI-2B0Z54CPJjpfmgkQpOwbMxDkpsmVoLcKhd8rV7DcMtFguJaotRS3nEWM4vOO-2FegVGhzrwPBH6NjA2esFflr-2FYmA56ZztqyuVYNkq6vFbZhu3qpImgcxi-2BBybDKRWWCy9ZJhz5kW6d7c5iFMdA14shvBlO5oteNsOg1T8Wcd4MIJllivR5RQLa6JKyKUfgK8kF9DoOU4JGzocfITKQs9Z05ET92-2FS1aC5wu-2FuyffXQ4VOTrXPB9d3zUlvAaEdOc87CGa5e4y4lu-2F-2B9njpJqjlihSLoXPx3uHJhhT5l60Eu-2Fd0OnNMVN2uGoOn8P4Kyfxcr-2B3atbrIS84kkAo7VV7ElDHFn2Wn-2B0iZqwoFL1t1YCz2cR3xAkH3Dm45o7ag9bF7tv0L4g2t8v1fAwuiPylHAHkqFOEcwcDndKNNLE7ObrCi0wDxBijc-2FYVZU6-2F0yIfBAmiocABK2NEl2-2F-2FPMERnDYg-3D-3DGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              https://u.to/Ipn6IAGet hashmaliciousUnknownBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)Get hashmaliciousUnknownBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2
                                                                                                              ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                              • 13.107.5.88
                                                                                                              • 51.104.136.2

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):290
                                                                                                              Entropy (8bit):5.172670374079629
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:64y60q2PRN2nKuAl9OmbnIFUt8v4y6jzZmw+v4y6jpkwORN2nKuAl9OmbjLJ:680vaHAahFUt8v8X/+v8F5JHAaSJ
                                                                                                              MD5:E98FC4AA6076C60783EF6A5239A4E034
                                                                                                              SHA1:3C1175673DC4AFF0C532DC7F4C0DB7C603DAE7C7
                                                                                                              SHA-256:4C8CA96DBE452046AA6C32D5DA5C04E6F598349F6D524BDB5646684077C1E572
                                                                                                              SHA-512:A15BE485C5656AF26ECD46C02604F17236AFC4211065448F794E39C996BCEDD9D1C04DBC6A9BDAAAA084DE7C549A4EB5DC11FBD62F077505FD47AE6798A88568
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview:2024/10/30-09:41:21.456 1b40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/30-09:41:21.458 1b40 Recovering log #3.2024/10/30-09:41:21.458 1b40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):290
                                                                                                              Entropy (8bit):5.172670374079629
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:64y60q2PRN2nKuAl9OmbnIFUt8v4y6jzZmw+v4y6jpkwORN2nKuAl9OmbjLJ:680vaHAahFUt8v8X/+v8F5JHAaSJ
                                                                                                              MD5:E98FC4AA6076C60783EF6A5239A4E034
                                                                                                              SHA1:3C1175673DC4AFF0C532DC7F4C0DB7C603DAE7C7
                                                                                                              SHA-256:4C8CA96DBE452046AA6C32D5DA5C04E6F598349F6D524BDB5646684077C1E572
                                                                                                              SHA-512:A15BE485C5656AF26ECD46C02604F17236AFC4211065448F794E39C996BCEDD9D1C04DBC6A9BDAAAA084DE7C549A4EB5DC11FBD62F077505FD47AE6798A88568
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview:2024/10/30-09:41:21.456 1b40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/30-09:41:21.458 1b40 Recovering log #3.2024/10/30-09:41:21.458 1b40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):334
                                                                                                              Entropy (8bit):5.162958485371407
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:64y6lk+q2PRN2nKuAl9Ombzo2jMGIFUt8v4y6h1Zmw+v4y6hZVkwORN2nKuAl9OU:68HvaHAa8uFUt8v8z/+v8p5JHAa8RJ
                                                                                                              MD5:D6C28C0E538D17368DA2DB9452B2DC99
                                                                                                              SHA1:286D6E83E15711412F3455BF78CB6EF99F116E01
                                                                                                              SHA-256:E1501A8F66D84850D14B38DF5DFBBDBFA37404F7AA7EF599102600FFE57EC1EF
                                                                                                              SHA-512:397F69E1A79E88D2C96976F856A238236A7656264703C2039B89EC0C95042E2E4606B11AC07C8BAD8317EB2164152E06B3A584270CCAD13273BC35540F503B84
                                                                                                              Malicious:false
                                                                                                              Preview:2024/10/30-09:41:21.346 19d8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/30-09:41:21.349 19d8 Recovering log #3.2024/10/30-09:41:21.349 19d8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):334
                                                                                                              Entropy (8bit):5.162958485371407
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:64y6lk+q2PRN2nKuAl9Ombzo2jMGIFUt8v4y6h1Zmw+v4y6hZVkwORN2nKuAl9OU:68HvaHAa8uFUt8v8z/+v8p5JHAa8RJ
                                                                                                              MD5:D6C28C0E538D17368DA2DB9452B2DC99
                                                                                                              SHA1:286D6E83E15711412F3455BF78CB6EF99F116E01
                                                                                                              SHA-256:E1501A8F66D84850D14B38DF5DFBBDBFA37404F7AA7EF599102600FFE57EC1EF
                                                                                                              SHA-512:397F69E1A79E88D2C96976F856A238236A7656264703C2039B89EC0C95042E2E4606B11AC07C8BAD8317EB2164152E06B3A584270CCAD13273BC35540F503B84
                                                                                                              Malicious:false
                                                                                                              Preview:2024/10/30-09:41:21.346 19d8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/30-09:41:21.349 19d8 Recovering log #3.2024/10/30-09:41:21.349 19d8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4c3d840b-cbb5-4d41-a225-1a2788ce0f4a.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):403
                                                                                                              Entropy (8bit):4.953858338552356
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                                                                                              MD5:4C313FE514B5F4E7E89329630909F8DC
                                                                                                              SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                                                                              SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                                                                              SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                                                                              Malicious:false
                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6077c4dc-d1d5-478b-b492-c186eb595f2b.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:modified
                                                                                                              Size (bytes):403
                                                                                                              Entropy (8bit):4.983139403216823
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:YHO8sqAQisBdOg2H1gcaq3QYiubrP7E4T3y:YXsLQHdMHd3QYhbz7nby
                                                                                                              MD5:7B24CF48BCB8E34A6C457A2F70521FC5
                                                                                                              SHA1:48E8C7BA1B879F66AD6500F5EE44C00016461FF9
                                                                                                              SHA-256:629B888FA56460153D2E71769A843860AEEB3D0FA90B725249BDC4D039354F74
                                                                                                              SHA-512:163A2B8F08DAC85863698F7592499A1FB0EE182B46AE3DDE5418495D3BA303B73C3B62EA411EA4D72F4A8DA834227780B333F454AEBB78B9E62E0B12BD8345F6
                                                                                                              Malicious:false
                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374855687146679","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":396974},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):403
                                                                                                              Entropy (8bit):4.953858338552356
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                                                                                              MD5:4C313FE514B5F4E7E89329630909F8DC
                                                                                                              SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                                                                              SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                                                                              SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                                                                              Malicious:false
                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF65beb1.TMP (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):403
                                                                                                              Entropy (8bit):4.953858338552356
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                                                                                              MD5:4C313FE514B5F4E7E89329630909F8DC
                                                                                                              SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                                                                              SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                                                                              SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                                                                              Malicious:false
                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4509
                                                                                                              Entropy (8bit):5.237776854752206
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xew3LcsNEV3fnNZ:OLT0bTIeYa51Ogu/0OZARBT8kN88kLcn
                                                                                                              MD5:2A751E2AB556E8FED68806598D1DDE68
                                                                                                              SHA1:A4F4843748260D4026B3D0D2F32392609E0C3D24
                                                                                                              SHA-256:8CBE50276EFD7F775D4662D7A4088CB9B30B714F945B5461CFF35D37F592A95F
                                                                                                              SHA-512:D7E025596A3D59E3980DD9BE3A7B946CBA2DD2F2C65456C2E14429C1C711DD5301F52FD5EC286FA593FCE842ABAD6431AD459E5342679D4A4D6A8B115AC17C84
                                                                                                              Malicious:false
                                                                                                              Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):322
                                                                                                              Entropy (8bit):5.164125318608627
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:64y67R+q2PRN2nKuAl9OmbzNMxIFUt8v4y67GRZZmw+v4y67XYNVkwORN2nKuAlG:68YvaHAa8jFUt8v8iZ/+v8zYz5JHAa8E
                                                                                                              MD5:45D755E53ACF2E0C9446353C8D4F13EB
                                                                                                              SHA1:522B64CCC550CC592F02EFB1E04C5484226960FD
                                                                                                              SHA-256:524DD88463647D3CAB091299C4D86FA99F25D3788481CDB180FA69DA4603B24C
                                                                                                              SHA-512:D9EA191F893373FAAFCFA203EC670C6EC3F64AFE975AF39727077C94429BC3BB942FD8CCCEF7402E84ABB6A7C481EC4FC8A093D42411326E6C2FCAA03EF419E9
                                                                                                              Malicious:false
                                                                                                              Preview:2024/10/30-09:41:21.480 19d8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/30-09:41:21.481 19d8 Recovering log #3.2024/10/30-09:41:21.483 19d8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):322
                                                                                                              Entropy (8bit):5.164125318608627
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:64y67R+q2PRN2nKuAl9OmbzNMxIFUt8v4y67GRZZmw+v4y67XYNVkwORN2nKuAlG:68YvaHAa8jFUt8v8iZ/+v8zYz5JHAa8E
                                                                                                              MD5:45D755E53ACF2E0C9446353C8D4F13EB
                                                                                                              SHA1:522B64CCC550CC592F02EFB1E04C5484226960FD
                                                                                                              SHA-256:524DD88463647D3CAB091299C4D86FA99F25D3788481CDB180FA69DA4603B24C
                                                                                                              SHA-512:D9EA191F893373FAAFCFA203EC670C6EC3F64AFE975AF39727077C94429BC3BB942FD8CCCEF7402E84ABB6A7C481EC4FC8A093D42411326E6C2FCAA03EF419E9
                                                                                                              Malicious:false
                                                                                                              Preview:2024/10/30-09:41:21.480 19d8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/30-09:41:21.481 19d8 Recovering log #3.2024/10/30-09:41:21.483 19d8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241030134125Z-165.bmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                                                                                              Category:dropped
                                                                                                              Size (bytes):71190
                                                                                                              Entropy (8bit):1.9846017841722792
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:/MsIzjwyfK0WmOSTkp2CffTG86Qqv+K3D8IgrH5:V
                                                                                                              MD5:14537A41CFB4409E7A37276DF895A813
                                                                                                              SHA1:85803009E2197BB2A8BBC161E1C22D46AE0FC00E
                                                                                                              SHA-256:B3A5FC493D9C1E5C96BE9CF163413D0454A6130778D0F51703B1F23FCDEE25F8
                                                                                                              SHA-512:261CD5E9FEBAF83E56EC462E876675F972C4AC80BEF82579BB1127CDB0EB7CD181C863A8E3CE179E1B17D14DBEFA3344A4197C2D804E3643575AB274C7202764
                                                                                                              Malicious:false
                                                                                                              Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                              Category:dropped
                                                                                                              Size (bytes):57344
                                                                                                              Entropy (8bit):3.291927920232006
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
                                                                                                              MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                                                                                              SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                                                                                              SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                                                                                              SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:SQLite Rollback Journal
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16928
                                                                                                              Entropy (8bit):1.2158374266262388
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:7+tcTqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+ZH:7MUqLmFTIF3XmHjBoGGR+jMz+Lhu
                                                                                                              MD5:A71E7DE7F1B6ABC2E56CB1366E03CD7D
                                                                                                              SHA1:12410EF7CADDF22F8A0623EE62D4EE4950F07F86
                                                                                                              SHA-256:368FFC5CA2883061C6BC6131D917CBAF01D1ED9009CF886BA71374295FEA4F14
                                                                                                              SHA-512:3EDF822696046B6D29B8D0C0F7508EDE39B0CBA45EA9C4C6DA5CCF566B02552DF2D9EC81620C0CCA2471D8FC335099391D32151C57BB68FDC1BC66A6ECE1F26F
                                                                                                              Malicious:false
                                                                                                              Preview:.... .c.....$&..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:Certificate, Version=3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1391
                                                                                                              Entropy (8bit):7.705940075877404
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                                              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                                              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                                              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                                              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                                              Malicious:false
                                                                                                              Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                              Category:dropped
                                                                                                              Size (bytes):71954
                                                                                                              Entropy (8bit):7.996617769952133
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                              Malicious:false
                                                                                                              Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):192
                                                                                                              Entropy (8bit):2.7360490791012118
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:kkFklSgGK0hllXfllXlE/HT8kvtNNX8RolJuRdxLlGB9lQRYwpDdt:kKLW0JIT8ETNMa8RdWBwRd
                                                                                                              MD5:E7A47A5FA5618346EFE1726C802487CF
                                                                                                              SHA1:0DE0E1ACD33F7377AE8187186F8EE879F165D95A
                                                                                                              SHA-256:B4D55D3D4BD0AEDF3F7DBDE8600D9C181ED341574B554A0A5B33B26147F00118
                                                                                                              SHA-512:768087F2A026521518FBCB4B01FBD9551DD91908ECE4838154C52DF12E0F24074BC274F23FF78D8CC0D62102473DA97E638D54778DE3BD2B5E2741A4085D6C94
                                                                                                              Malicious:false
                                                                                                              Preview:p...... ..........co.*..(....................................................... ..........W...."...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):338
                                                                                                              Entropy (8bit):3.468250949390696
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:kKHwGkQ8DBlEJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:vt8kPlE99SCQl2DUevat
                                                                                                              MD5:145F12786ADD429341D2FD068470A59E
                                                                                                              SHA1:B3EF3F08D8CB87BA42FF892EDEC9AFCEDB852435
                                                                                                              SHA-256:34E8DFC98F6745CDF88530A38A66C2B298A4D971F043AC0A3D113468B3059E1B
                                                                                                              SHA-512:19484E1BB276A848C41B98E19B296F2577E1863B6275D051186CC07BF1180CB14190CEA7CBE65DDDD0BCBB241D6DF379415F6E6C82FC2C300E1C40ED6257C84D
                                                                                                              Malicious:false
                                                                                                              Preview:p...... .........-.c.*..(..................................................^SZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:data
                                                                                                              Category:modified
                                                                                                              Size (bytes):328
                                                                                                              Entropy (8bit):3.247897867253902
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:kKnkJ99UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:vk+DImsLNkPlE99SNxAhUe/3
                                                                                                              MD5:C936914A3646FC2C0F5E0A1CFA242B7B
                                                                                                              SHA1:1C8931ADAE83BD0ACD8C1791D2CDCD1D9ED4C49C
                                                                                                              SHA-256:A0C4C953692A9D1F243811615557A2CF5F9C7AA9507C64F7DD42858F7443CE3F
                                                                                                              SHA-512:FB72F4EBE01BD913431D0BFF25A0917E870CD3D8E153B5A014138FD4BF331A640170F8A7BBAB6C27B749300160E90C9FD9B476F854FAC7510DFAC44A0FF3D996
                                                                                                              Malicious:false
                                                                                                              Preview:p...... .............*..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4300

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:PostScript document text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):185099
                                                                                                              Entropy (8bit):5.182478651346149
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                                                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                                                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                                                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                                                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                                                              Malicious:false
                                                                                                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:PostScript document text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):185099
                                                                                                              Entropy (8bit):5.182478651346149
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                                                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                                                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                                                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                                                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                                                              Malicious:false
                                                                                                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):227002
                                                                                                              Entropy (8bit):3.392780893644728
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
                                                                                                              MD5:265E3E1166312A864FB63291EA661C6A
                                                                                                              SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
                                                                                                              SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
                                                                                                              SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
                                                                                                              Malicious:false
                                                                                                              Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4
                                                                                                              Entropy (8bit):0.8112781244591328
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:e:e
                                                                                                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                              Malicious:false
                                                                                                              Preview:....

                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1969
                                                                                                              Entropy (8bit):5.060273469461684
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:Y0AiESbjWbj2CjxjZ4oijxi+0jPjrVbjBgajF:5XWP2ERaTx3y7BPBgMF
                                                                                                              MD5:84F9F02455A84B7AC1BBC6927C0F93C8
                                                                                                              SHA1:CC4259DA8923F3A6257EE919D5C3E41AAF21977D
                                                                                                              SHA-256:B2999E08BDAAD342E3AC9EEE713C734CF718393CB41DE3AD44504772B7C890C4
                                                                                                              SHA-512:6E24202B3A0CA7A53CB1F1853A92DA756C1F82D80CDFB4C019A17B33D8DC9314EF089B5FD7973588CA66570F46780F141854B5745451EDE86A3BE75B9D402E78
                                                                                                              Malicious:false
                                                                                                              Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1730295732000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f44756c6e08822e64c0e471a2499e34d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696585148000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e8f53b6740aba22a83a1a569cebedbcc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585148000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ab062dea95f25ef019cc2f5f5f0121d4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696583346000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"65580efad4bc88b91040ff50d71bfae9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696583346000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"f8ce16c8d78d640728012d308f601433","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1696583346000},{"id":"DC_Reader_RHP_Banner","info":{"dg":

                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                                                                              Category:dropped
                                                                                                              Size (bytes):12288
                                                                                                              Entropy (8bit):0.9882470839770229
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6Qe40WYoIcLESiAieQ0WYoF:TVl2GL7ms67YXtrjWycI83WL
                                                                                                              MD5:49BED3489B6ACA95A323899BD4DEB1C1
                                                                                                              SHA1:8BCE31EE946A5BD154E25237222BE9547FEEECB6
                                                                                                              SHA-256:AF08CCDE626EBDA92427989C6EA4470CF934987F1F687BF3EF6EC8F672475FE6
                                                                                                              SHA-512:35C5683E33E6A1FB0C68E76BB787885E98F0DA6510A67DFA30E8038F679275BD5CC33B05F36D57CEEC04CF91B3A5B6D79D85C01152C6858404BC0A3C8FA7F269
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:SQLite Rollback Journal
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8720
                                                                                                              Entropy (8bit):1.3446883378894157
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:7+tVASY9QmQ6Qe40WYo7cLESiAi0mY9Q1pqLBx/XYKQvGJF7urs9g:7MVlYXtrjWdcI8KYSqll2GL7ms9g
                                                                                                              MD5:67E2334CEC80C377DA565C6C1E744CF2
                                                                                                              SHA1:D9421881BE834A8E294216B0F21F601295157BC2
                                                                                                              SHA-256:FA90FC2DF026C4884179436C7A64401EAE67A9897B7DCAF2CC06981B4054D82D
                                                                                                              SHA-512:DFDDE8AD913065CC6FF5A083860DC43B05D4BCFA94721D3172319C1A94FEC4F8D3924484B8AAD1BE6F6F9C4903F31D2786CBDE871DEA3631D9F1C56DEFF177B7
                                                                                                              Malicious:false
                                                                                                              Preview:.... .c.......|.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):231348
                                                                                                              Entropy (8bit):4.373861586891947
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:ZcYLfKgs/49CdlRDpgs5sNcAz79ysQqt2EU8eqoQ93rcm0Fv4vcy9S3gGAzbLC9S:tCgsbbg5miGu2pqoQNrt0FvEoab8kxiW
                                                                                                              MD5:D9DA00897B8D474FF1FE3977C5FFE016
                                                                                                              SHA1:7AA8725E2A9CC335EEE5C0C3D09FA9A1B2B15A7A
                                                                                                              SHA-256:A5F4E6FA604A057DF248FBC4DF75824385BFF0022E5D9411F56823BEC2D459D6
                                                                                                              SHA-512:CC06D86EE6A5ACF099392D2C28FEE4825E8447E94BD6D5A0D3C4F933F6FC7ABEEC77D0194861D98BA8392C938E7A2BFB71375BDCA39153F10A7EF3602F44F03B
                                                                                                              Malicious:false
                                                                                                              Preview:TH02...... ....T.*......SM01X...,......S.*..........IPM.Activity...........h...............h............H..h|.&......*n....h........@..H..h\cal ...pDat...h...0....&....h.(.............h........_`Pk...h.)..@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k7.3.....-.4...!h.............. hW.......&...#h....8.........$h@......8....."h.A.......A....'h..2...........1h.(..<.........0h....4....Uk../h....h.....UkH..h....p...|.&...-h .........&...+hF/......p.&......... ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                                                                                              C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1869
                                                                                                              Entropy (8bit):5.085925887692297
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:cG7AdyUdyjdSyrudnzyZSyrenzyMJdyBkSyrdnzyr1nzyvASy/dyO:0EUEjdbqd2Zb622Embx2R2vAb/EO
                                                                                                              MD5:50C86039CC0EE2D879A9EB8E3D46E73A
                                                                                                              SHA1:C5F6F7FFBA96ECBD43C401B877057AEAFF20C4E9
                                                                                                              SHA-256:08637B472659EDB7E6CF69A1373C44AAA6C48AEE4FD04385F7C778FCA172EA50
                                                                                                              SHA-512:FE335FF6EE3F911B5441A1AE78C2DEDCC72C28EBD316ED8E10270122428FD3B08926B79797D53A23D2A6D33AAD9718C03F6261A8885A938E70F2B5FD4EEB19EC
                                                                                                              Malicious:false
                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-10-30T13:41:11Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-06T09:25:29Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:25:29Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:25:29Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_

                                                                                                              C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):521377
                                                                                                              Entropy (8bit):4.9084889265453135
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                                                                                                              MD5:C37972CBD8748E2CA6DA205839B16444
                                                                                                              SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                                                                                                              SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                                                                                                              SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                                                                                                              Malicious:false
                                                                                                              Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

                                                                                                              C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                                                                                                              Category:dropped
                                                                                                              Size (bytes):773040
                                                                                                              Entropy (8bit):6.55939673749297
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                                                                                                              MD5:4296A064B917926682E7EED650D4A745
                                                                                                              SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                                                                                                              SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                                                                                                              SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                                                                                                              Malicious:false
                                                                                                              Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):322260
                                                                                                              Entropy (8bit):4.000299760592446
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                                                                              MD5:CC90D669144261B198DEAD45AA266572
                                                                                                              SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                                                                              SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                                                                              SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                                                                              Malicious:false
                                                                                                              Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):10
                                                                                                              Entropy (8bit):2.9219280948873623
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:L+n:6n
                                                                                                              MD5:0F328CFE35A834B80BDBC6272CC00A9D
                                                                                                              SHA1:F7292FC584FCA888438DD7CCB3211A06CA690E66
                                                                                                              SHA-256:E378D94B681D2B15375D86322C546C816DA445806CC41E276EAF16EC7477CD10
                                                                                                              SHA-512:568007BFC07899706FEAA4B10438259D319AF34916D5FACB16EEA5D63058F3890B346D39A4BA192F3295BA7BBAD40917A13C0B7386A5E0AAA3ABE3E3FA385F28
                                                                                                              Malicious:false
                                                                                                              Preview:1730295673

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C9A5A8AA-5019-4F3A-A07D-8788A38DF98E

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):180288
                                                                                                              Entropy (8bit):5.290984113097066
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:ki2XfRAqFbH41gLEwLe7HW8QM/o/NMOcAZl1p5ihs7EXXOEADpOoagYdGVF8S7CC:uPe7HW8QM/o/aXbbkx
                                                                                                              MD5:53E0EA713A7451E888074A0468BAC176
                                                                                                              SHA1:33EB06702EE5893302E6F8DD2B53D5AB4D88878D
                                                                                                              SHA-256:AE5475A67D65021894B9E381BB847AEA73515A4E2A2FF936B0DAA0333812F06F
                                                                                                              SHA-512:67A20601B1D993924FAE3AB6D1B1A09530FC5275E7C3799DA3D3BC4545493EFE5F44AC306637F9C92C6DE892B3E9FF8B5681278817670298694FC98AE63F2791
                                                                                                              Malicious:false
                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-30T13:41:11">.. Build: 16.0.18222.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4096
                                                                                                              Entropy (8bit):0.09216609452072291
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                                                                              MD5:F138A66469C10D5761C6CBB36F2163C3
                                                                                                              SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                                                                              SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                                                                              SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:SQLite Rollback Journal
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4616
                                                                                                              Entropy (8bit):0.13760166725504608
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:7FEG2l+kpAlEH/FllkpMRgSWbNFl/sl+ltlslVlllfllj:7+/lbp9g9bNFlEs1EP/z
                                                                                                              MD5:46D1D003AD48707962E8739F3007B4E4
                                                                                                              SHA1:26C51CE2BACBB2ADC5465FF20BDAF8AD8269E026
                                                                                                              SHA-256:1FC1F1073D3FDAF14C7CA564F08BF630FBAAFD0615AE8F9F8646486AA5D9426D
                                                                                                              SHA-512:9F0DF878C5165E9829966E042F422EF6C41946AA295533597C7E5278F9621E26EF2F1BF18502A47BBBF7572D3A90A0C18D00E1CA01D2F0B93E3B80D72E1C19D9
                                                                                                              Malicious:false
                                                                                                              Preview:.... .c.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):32768
                                                                                                              Entropy (8bit):0.04474441261042196
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:G4l2kB26kK8Y4l2kB26kK2mlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2I+Y4l2I+8L9XXPH4l942U
                                                                                                              MD5:7977DB832D9B4AEF5EF860FE3645884B
                                                                                                              SHA1:0406F119E94C25693F991F8D235F69DB4F1FCF84
                                                                                                              SHA-256:B4445FAD9543EF06B4C0521E8D7774EA504CAD611E28ACCA29E1091DB2357DAA
                                                                                                              SHA-512:32C77DC86004123DC739CAF7DADF8A3DFBD823331447DCD380C7DCEF98CE50E75EB3F4109546CB493D93D8255DB1A6D15FCFDCFA430CE544D02523F4F49604BE
                                                                                                              Malicious:false
                                                                                                              Preview:..-.........................(...<..-..@.q.....-.........................(...<..-..@.q...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                              Category:dropped
                                                                                                              Size (bytes):45352
                                                                                                              Entropy (8bit):0.3957605518826373
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:K6AQ3zRDmSgUll7DBtDi4kZERDUyzqt8VtbDBtDi4kZERDH:vAQ1CSgUll7DYMAyzO8VFDYM
                                                                                                              MD5:C172D7A794966B52E0E5ECF2B5A746E5
                                                                                                              SHA1:6B85A7C416F05A1540B4DBF04882258FCF93679F
                                                                                                              SHA-256:00E02459250EAADD9533AA4CC48BDD6C6DAE3C5D3E9264665A53A0339636466F
                                                                                                              SHA-512:D7803BA30EDB041EB83FBDDB1170589B6F0CC39CAC0439AA50577DD5FA0A1DBEB9D8E9EDCAC850CB28970A52542039DFC850D87F4B57497FC181F21F73867684
                                                                                                              Malicious:false
                                                                                                              Preview:7....-............<..-.....)Y!..........<..-....[..#SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F6685A6D.dat

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:PNG image data, 300 x 109, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):11349
                                                                                                              Entropy (8bit):7.946723977966732
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:QUYHbIMMK7xrTLcqP2wsuDVKOK03DohnMtSEqNEgi0LY4PmdmWWdB4ZeX:QFb7J7tz2wsuAOK0MncqNEx4+6X
                                                                                                              MD5:042BADE13216B16D91BF33F7A4352C88
                                                                                                              SHA1:B9A1008F8685F7B4B9A7DFBAC5B3415B888CE3A1
                                                                                                              SHA-256:3EDE9E544C72CE38710688E5D545043D0E36567F3BEB6165DB555D28B02D1467
                                                                                                              SHA-512:42110254030389586C328B12942BC8DD2C335418A6076B98BCB66A69BE13F6171ABC695D3DC14458D416DB47E079034DDF2593AEBC413ED57805824CF596E1E5
                                                                                                              Malicious:false
                                                                                                              Preview:.PNG........IHDR...,...m.......\.....sRGB.........pHYs..........+......tEXtSoftware.Microsoft Office..5q..+.IDATx^.w..U...).Lz.Oz ....I.. ...*^.X..q-W]z.,..X.....@h..!!..I.L.....9_rr2.drf.9y.Z.C...]...{...Q1/....K .$...}....\... ..,_....@.H..+c..;..p.8`..p...2F..X.3U.Q..K....K.%.1.p.....\..X..\.......V.L.w.%..p..5..p.d....2f.............K c$...1S..u.....|...\..#.....*.K.%...k.%.....8`e.TyG]....,_....@.H..+c..;..p.8`..p...2F..X.3U.Q..K....K.%.1.p.....\..X..\.......V.L.w.%..p..5..p.d....2f.............K c$...1S..u.....|...\..#.w...UU..c....*k.-7'.Z..Y..........RSSc5...Z....9.........ssOz...e....s.....3G.Pg..zB]......0.~...}y9'..PK..A....).V(a,|. ......c..Z.SKs.8v......k..Xr...........H..{..y.7....:.?G*+l.2+..J}..h.s....nH~...'.f.,..;...={l..}.....W.[..".h....,....._..6.s.....J.b%......v...[.[../O.>.[W....h...,..wOo.b.... ....+(..k..Sz....{[..|+.X,..^.....[..-...UTX..2.O_..g.*.ee...-..x.U..-Z.G.**.@.}A.vq.>.6.e..yq.f["..U,..L.h..Q...*%.|...M..]...@

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\CoC- _ (002).pdf

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:PDF document, version 1.5, 3 pages
                                                                                                              Category:dropped
                                                                                                              Size (bytes):196487
                                                                                                              Entropy (8bit):7.8269707585992565
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:/2woN1z7FYH+CZQ1zl49PnAR40mYFXzmbczFlzpqR9cpTLfm+SUXd26mY14ZtoZU:/2wUXFo+xtWsnzuczFDq/dUXd490V+x
                                                                                                              MD5:6D444C0259E8EB199793EA391E079A7F
                                                                                                              SHA1:6496936043177C80EEB039F9290909DDEA134A09
                                                                                                              SHA-256:736E6D14649292755E7EB72A8C07C94A5638E1EEDB034BF8CFB0FFB9BE85FDEF
                                                                                                              SHA-512:7853A2A43E162F9693CE13F87760DE9EB9D0F6CC8D4FE7BEBDC2C67B9520A80256AD1CB3EE3C931D2BD7F9B7B541DE104D428DCE53D5FDFAAC7EDD48559B2AF2
                                                                                                              Malicious:false
                                                                                                              Preview:%PDF-1.5.%.....9 0 obj.<<./Type /XObject./Subtype /Image./Width 36./Height 47./ColorSpace /DeviceGray./Matte [0 0 0]./BitsPerComponent 8./Interpolate false./Filter /FlateDecode./Length 447.>>.stream.x.c`....u.....M.e...01.......G..7.j.U......4........h^...F...%P5..)..)D.......K.}.....-..s.2P...g.}.U..l..j...t.M..s...`...@..IM..5 p.IM5.5..y"AX........D...aL.jV....R)t5...c.....7....j.AQ..E....@v.~.._.G..{.C..-.pE..q)...W.....[.....R....*{\.....X".bW...T...bQ.E.5..[_c*.E.?n......BW.2l%.........P.aU.`....TR.\f.f^...$........?.l..ANu.......+......N@.9y.j.,b`.O.|S#.&......Bj.T0.R.K...._.=a..<...L......*.p@l.....o|......W.!...E....endstream.endobj.8 0 obj.<<./Type /XObject./Subtype /Image./Width 36./Height 47./ColorSpace /DeviceRGB./BitsPerComponent 8./Interpolate false./SMask 9 0 R./Filter /FlateDecode./Length 623.>>.stream.x.....0..C..........{{...OD.. ...._(Yg...b.C.r.|>....~....ooS..n....t..nX...t:..FE....\...d...F6..n..........t:..}W\.W..Z....r.......p8.....h4L..N....A

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\CoC- _ (002).pdf:Zone.Identifier

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:modified
                                                                                                              Size (bytes):26
                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:gAWY3n:qY3n
                                                                                                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                              Malicious:false
                                                                                                              Preview:[ZoneTransfer]..ZoneId=3..

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\CoC- _.pdf

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:PDF document, version 1.5, 3 pages
                                                                                                              Category:dropped
                                                                                                              Size (bytes):196487
                                                                                                              Entropy (8bit):7.8269707585992565
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:/2woN1z7FYH+CZQ1zl49PnAR40mYFXzmbczFlzpqR9cpTLfm+SUXd26mY14ZtoZU:/2wUXFo+xtWsnzuczFDq/dUXd490V+x
                                                                                                              MD5:6D444C0259E8EB199793EA391E079A7F
                                                                                                              SHA1:6496936043177C80EEB039F9290909DDEA134A09
                                                                                                              SHA-256:736E6D14649292755E7EB72A8C07C94A5638E1EEDB034BF8CFB0FFB9BE85FDEF
                                                                                                              SHA-512:7853A2A43E162F9693CE13F87760DE9EB9D0F6CC8D4FE7BEBDC2C67B9520A80256AD1CB3EE3C931D2BD7F9B7B541DE104D428DCE53D5FDFAAC7EDD48559B2AF2
                                                                                                              Malicious:false
                                                                                                              Preview:%PDF-1.5.%.....9 0 obj.<<./Type /XObject./Subtype /Image./Width 36./Height 47./ColorSpace /DeviceGray./Matte [0 0 0]./BitsPerComponent 8./Interpolate false./Filter /FlateDecode./Length 447.>>.stream.x.c`....u.....M.e...01.......G..7.j.U......4........h^...F...%P5..)..)D.......K.}.....-..s.2P...g.}.U..l..j...t.M..s...`...@..IM..5 p.IM5.5..y"AX........D...aL.jV....R)t5...c.....7....j.AQ..E....@v.~.._.G..{.C..-.pE..q)...W.....[.....R....*{\.....X".bW...T...bQ.E.5..[_c*.E.?n......BW.2l%.........P.aU.`....TR.\f.f^...$........?.l..ANu.......+......N@.9y.j.,b`.O.|S#.&......Bj.T0.R.K...._.=a..<...L......*.p@l.....o|......W.!...E....endstream.endobj.8 0 obj.<<./Type /XObject./Subtype /Image./Width 36./Height 47./ColorSpace /DeviceRGB./BitsPerComponent 8./Interpolate false./SMask 9 0 R./Filter /FlateDecode./Length 623.>>.stream.x.....0..C..........{{...OD.. ...._(Yg...b.C.r.|>....~....ooS..n....t..nX...t:..FE....\...d...F6..n..........t:..}W\.W..Z....r.......p8.....h4L..N....A

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\CoC- _.pdf:Zone.Identifier

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26
                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:gAWY3n:qY3n
                                                                                                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                              Malicious:false
                                                                                                              Preview:[ZoneTransfer]..ZoneId=3..

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9142C685-306D-4D33-BE82-CC431361D9AF}.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2972
                                                                                                              Entropy (8bit):3.2205300320442216
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:ThNZfCooYgYVYcTZ/F1KJiVN10mHL0zNSRj:J+hcnO5SRj
                                                                                                              MD5:0CB64FE9006E2ACC6393B832B16FA727
                                                                                                              SHA1:C8D40296AA9E2A4BF6EBE3C23268A8BCB9D661A9
                                                                                                              SHA-256:03B4E5EB1521A76885CD46CBE63DAB957375C1F38DDE778F05D40B78D88AE8F4
                                                                                                              SHA-512:59905BCA6260C321AD9A49BBA247AA3FFE78A153D48C7DA215564A92BBB628DD42A04B785C5FBE20CFCF838E2B16B4F8C4ED8B393478503DD1B2C78A7C0A7E1E
                                                                                                              Malicious:false
                                                                                                              Preview:....E.X.T.E.R.N.A.L.:...D.o. .n.o.t. .c.l.i.c.k. .l.i.n.k.s. .o.r. .o.p.e.n. .a.t.t.a.c.h.m.e.n.t.s. .i.f. .y.o.u. .d.o. .n.o.t. .r.e.c.o.g.n.i.z.e. .t.h.e. .s.e.n.d.e.r.....H.i. .T.h.e.r.e.,. .....F.o.r. .s.o.m.e. .r.e.a.s.o.n. .w.e. .a.r.e. .m.i.s.s.i.n.g./.e.x.p.i.r.e.d. .t.h.e. .a.t.t.a.c.h.e.d. .d.o.c.u.m.e.n.t. .f.r.o.m. .y.o.u.r. .a.c.c.o.u.n.t.,. ...................................................................................................................................................................................<...>...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\07110881-6EE1-4F10-BBD4-D91FD1D9288F

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):177048
                                                                                                              Entropy (8bit):5.293858176858925
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:Ei2XPRAqFbz41gLErLe7HW8QM/hMOcAZl1p5ihs7gXX9EIJAOoYgYdGVF8S7CC:wie7HW8QM/CXiw0x
                                                                                                              MD5:66BF611C618958072EC45C35FF9C0E46
                                                                                                              SHA1:6430088DD3604CE9A71DD0370A5FCE7ED86F4CEB
                                                                                                              SHA-256:2BA856730D48D405A5335AF9D09B6171E4178C6F6294321C671BF76F060A3F09
                                                                                                              SHA-512:714739E06A34DA49EE80964216FA946D0FC9E3266F8E09072005EF75D4EE733538BDAD5F5ABA8244E3231C783BABAFA62F347EEAEFDCF8F2505A4D627BBF1812
                                                                                                              Malicious:false
                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-30T13:42:25">.. Build: 16.0.18222.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                                                                              C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):131072
                                                                                                              Entropy (8bit):0.20594226638319638
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:betbGSIE4CWYmZXAIhINifeJmZXcIAy9mZalwx7IcR:Ypt8xIUfeJ8MIAY817IcR
                                                                                                              MD5:AD88235BE31F8F1B83C0E29E83EFDFF0
                                                                                                              SHA1:74374DB9D9FD4F7326F66879C06F6EC5EB2FCF8A
                                                                                                              SHA-256:538CBCD1B97C92866E31B290E25CC58B4445D14FCE58BBE8D33FA70DBC69652E
                                                                                                              SHA-512:760E04D55569068AF9EC58AEEEBEE40061FCC071A5A5CF35B1FF03BB796F7B1F16194514BB4BCD82F2B8DE3404766ACC14ADDC967B0B6994BD80AF10FC0B8704
                                                                                                              Malicious:false
                                                                                                              Preview:............................................................................b............12.....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y...........i...*..........H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g.g.e.r...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g...e.t.l.............P.P.........u.2.....................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):65536
                                                                                                              Entropy (8bit):0.11931230206471957
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:9SUPqF69Fq5jTY8CeuQ1UMCl2M+aqc2EOCj:51QYfOSMClCaoEFj
                                                                                                              MD5:80A836F73B1CBEE720FE5EB490C7E538
                                                                                                              SHA1:EE13B50717EA109715331E239CA5B1D6AC81F635
                                                                                                              SHA-256:D5A67D9A2699069339B0D020E3D52B369443B69777A714ED960F0A8D170F8121
                                                                                                              SHA-512:79E7F92921034A9B5ECEA88E8C07A401DFB30F1C1EE68B950A6D3236B00CC0070448FA1E7A95B68394E0878989A7FEA25BA2859200824D3F4AC7BA98A62BF5C9
                                                                                                              Malicious:false
                                                                                                              Preview:............................................................................@...p...t...8t{.....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y..........qsi..*..........H.x.M.A.l.w.a.y.s.O.n.L.o.g...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.m.A.l.w.a.y.s.O.n.L.o.g...e.t.l.......P.P.p...t.....{.............................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                              Category:dropped
                                                                                                              Size (bytes):32768
                                                                                                              Entropy (8bit):3.71272789210942
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:ACPVRzXGMANVM/E7Tc6LSMtCgirjjNKuPLwgBEjGODo:p3lANVM/E7Tc6ftCg8vNKuLwgBEjGO
                                                                                                              MD5:9975D97AB019EADA1656CB7305B3999D
                                                                                                              SHA1:649FE782181EE24738D9418B977DF38B755F368E
                                                                                                              SHA-256:9EB5B138337E530904DCC5396F65B3D58A2C3515ACF2F3BA075DB585E79BC9CC
                                                                                                              SHA-512:5C5ECBC2C0F317A7E0525022478FA344F7F3C965223A37747032A32E5239B0CFF84EAC5B20D2288F17079F0AAAEA8EB5C0FA343DEEE43C12803CA27C319CDF11
                                                                                                              Malicious:false
                                                                                                              Preview:regf........b.Q.7.................. ....p......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm..oQ.*..............................................................................................................................................................................................................................................................................................................................................a{..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                              Category:dropped
                                                                                                              Size (bytes):32768
                                                                                                              Entropy (8bit):3.720718150977958
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:qCPVRzXGMANVM/E7Tc6LSMtCgirjjNKuPLwgBEjGODo:v3lANVM/E7Tc6ftCg8vNKuLwgBEjGO
                                                                                                              MD5:30F3CFC6E2D71F73C29DB5C3861B4177
                                                                                                              SHA1:F77B01669B26CE6541D155740273C6FCC0A170C8
                                                                                                              SHA-256:03033B8270BD522677EF44FBF33EA76162C2EFB559800AFB0A9CA6D8704F6C54
                                                                                                              SHA-512:E3C86ADCAEA750F600A065954993C75E93D4A71C00B0F14A898F75274648273E56C8E7C38B53740C6D3D202ACE190B495EEF7FF6FED31529E0983CFC7B15C323
                                                                                                              Malicious:false
                                                                                                              Preview:regf........b.Q.7.................. ....p......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm..oQ.*..............................................................................................................................................................................................................................................................................................................................................g{..HvLE.~...........p..........c.&|H..4..{.....p..hbin................b.Q.7..........nk,.T...7..................................x...............................Test....p...sk..h...h.......t.......H...X.............4.........?.......................?....................... ... ...............YQ..fr]%dc;.............nk ......*.............................../..h...............8...Z...........ConfigSettings..p...sk..x...x...C...t.......H...X.............4.........?.......................

                                                                                                              C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730295669227979700_939D3127-04A3-4DAC-895D-7E99CE23CFEB.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):20971520
                                                                                                              Entropy (8bit):0.013866906697289573
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:c5vaT7R+zkqglep9TjOrCH7t3AyAAA4bgB10:UC
                                                                                                              MD5:54FD43FAC23545BFDF954E8FA1438AF0
                                                                                                              SHA1:DACEE25BA75DF2CAB08A5F4BFF35138C943D2C56
                                                                                                              SHA-256:9724358681E959543264FD6DC91A1447D8C716F64EDBC52DACF05A30BEB758DE
                                                                                                              SHA-512:EADB530C4FFC3FF5547753DEE15A5C8D966411F2AF04CE55369505E83A118E0638AA13C0A7D90896B8F7AEFDD28B272CD4BB3FB9BABC59CCA3E2EB761A008476
                                                                                                              Malicious:false
                                                                                                              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/30/2024 13:41:09.256.OUTLOOK (0xB54).0x1674.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-10-30T13:41:09.256Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"832A1AB0-0021-4EB1-802E-0EF8A714DDC6","Data.PreviousSessionInitTime":"2024-10-30T13:40:47.538Z","Data.PreviousSessionUninitTime":"2024-10-30T13:40:50.585Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/30/2024 13:41:09.272.OUTLOOK (0xB54).0x16E0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"

                                                                                                              C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730295669228612000_939D3127-04A3-4DAC-895D-7E99CE23CFEB.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):20971520
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3::
                                                                                                              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\MSI4fc3b.LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):246
                                                                                                              Entropy (8bit):3.5258803161342094
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84OaO:Qw946cPbiOxDlbYnuRKi
                                                                                                              MD5:98E48F9C476C804D47B278DEDCDEF34A
                                                                                                              SHA1:3BCD753890451012AA63E19F8A07CBF5240E9773
                                                                                                              SHA-256:B0FD4F51D0DAAD7D7B11E295E1B057027C03C93149476B7304AFD2EC5BFCDDB0
                                                                                                              SHA-512:400F39D7864B8DF0FEED8C9ABFB9152ACE9D93DFBE0C6AAF446C3A5A57CDABDB70747CD11767255C2C4B4F312495B113C340EDDF4BD72B2C59E93DF59D04442B
                                                                                                              Malicious:false
                                                                                                              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.0./.1.0./.2.0.2.4. . .0.9.:.4.1.:.2.8. .=.=.=.....

                                                                                                              C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241030T0941090016-2900.etl

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):135168
                                                                                                              Entropy (8bit):4.6822344242628695
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:Bx0OF7D2lnoyUB43jc1EC9hMWiLWP121HTGkSd2rhyttBhlIv3HuQfmgAXF8l6Wr:b48R9hMgd2rYzlI2t3XUxfb
                                                                                                              MD5:905816F0A4AEDE29DBFC4144332F0FD9
                                                                                                              SHA1:7D99B4F8E8A3114532942B43E27E2955090C3595
                                                                                                              SHA-256:A12B1130C3BC7A422D7D6565CC015523930A4BAEBD0574FFE3106D30D1EEBFAF
                                                                                                              SHA-512:75AB985F41D7E2E898945AA02BFC90CF35B6456E8BE2727794EBC8F5462A3F736C7B47CE7BDD3B22759288FD4934E3ADFA36BDBBCA00FCC533C9C3371C203B14
                                                                                                              Malicious:false
                                                                                                              Preview:............................................................................^...t...T....SS`.*..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y...........SS`.*..........v.2._.O.U.T.L.O.O.K.:.b.5.4.:.8.9.8.b.4.1.3.f.5.6.f.d.4.e.c.5.a.e.7.0.e.6.9.b.0.a.9.f.c.e.3.9...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.3.0.T.0.9.4.1.0.9.0.0.1.6.-.2.9.0.0...e.t.l.........P.P.t...T....SS`.*..........................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9pvt6jr_acuoop_3bg.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:PDF document, version 1.6, 0 pages
                                                                                                              Category:dropped
                                                                                                              Size (bytes):358
                                                                                                              Entropy (8bit):5.081747441209883
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOoNaUDNaMCSyAAO:IngVMre9T0HQIDmy9g06JX5UEMlX
                                                                                                              MD5:5004E37042ED2B81D5EC6EDCC7BB4A9D
                                                                                                              SHA1:1834BE1D2F29E287E5E5BEC7F6BD5DD0F570693A
                                                                                                              SHA-256:D90402E02E21AC417ED9E2CD9242B8A6804F7769C8B68BC2FA8F2382E577E60B
                                                                                                              SHA-512:F127920C82BD6E9A5FD1829839F2D885945CA6D3F778F252172886D79656C0A6BFFE652A2501386AFD03775BE1A2A2AF0CAC7D09C6DEF823E16BBB6DD67BF71E
                                                                                                              Malicious:false
                                                                                                              Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<B71A3BC413ED864C908A16F73C8D44EB><B71A3BC413ED864C908A16F73C8D44EB>]>>..startxref..127..%%EOF..

                                                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-30 09-41-23-123.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:ASCII text, with very long lines (393)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16525
                                                                                                              Entropy (8bit):5.353642815103214
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                                                                                                              MD5:91F06491552FC977E9E8AF47786EE7C1
                                                                                                              SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                                                                                              SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                                                                                              SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                                                                                              Malicious:false
                                                                                                              Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16603
                                                                                                              Entropy (8bit):5.358317140990222
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:S5LzlzyzdYnYoYXLYQFVFrFCcFfFYFeFu9PLqLe+I+MRFRxReRvkjpGQjGQzGQxZ:76xF1zO2D2CMVNfHAovXHl0bSp+CuYtU
                                                                                                              MD5:65E61217AF6AD16F7D9AED5022AC68FA
                                                                                                              SHA1:406D7130227820232C4A3462282FE3EC9A9ED195
                                                                                                              SHA-256:7BDF4C769089A7375B1E3B7E9CF86B80A542125A80241908E02721B036DF2020
                                                                                                              SHA-512:4585A4330B4D5ADB351CEB217176A7841E99AA2C53452679238C700FE6CFB6498070FBA168C4803EA1140FC7AFD2C74DA5C2B5E60A31748ADEE2D58D45839CA2
                                                                                                              Malicious:false
                                                                                                              Preview:SessionID=12f9c060-f44f-4832-bb9e-97c051ceb7e7.1730295683135 Timestamp=2024-10-30T09:41:23:135-0400 ThreadID=6176 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=12f9c060-f44f-4832-bb9e-97c051ceb7e7.1730295683135 Timestamp=2024-10-30T09:41:23:137-0400 ThreadID=6176 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=12f9c060-f44f-4832-bb9e-97c051ceb7e7.1730295683135 Timestamp=2024-10-30T09:41:23:137-0400 ThreadID=6176 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=12f9c060-f44f-4832-bb9e-97c051ceb7e7.1730295683135 Timestamp=2024-10-30T09:41:23:137-0400 ThreadID=6176 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=12f9c060-f44f-4832-bb9e-97c051ceb7e7.1730295683135 Timestamp=2024-10-30T09:41:23:138-0400 ThreadID=6176 Component=ngl-lib_NglAppLib Description="SetConf

                                                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):29845
                                                                                                              Entropy (8bit):5.417146270437097
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbUnjcb0ZXI3tcbW8a:fhWlA/TVJnrZ43l8a
                                                                                                              MD5:DBA70E1050013E5A642593BC723D3679
                                                                                                              SHA1:6B1A6E44805BEFBD9E4BE0F07B1AB1F221D73528
                                                                                                              SHA-256:166A3669556A91C84A3B93F0807BBBDC9C9220DD34E3818588F6BF9FFD4DAE41
                                                                                                              SHA-512:ACC4A537C9E6336FE95E43783C4FCA748CFD97160CC3197C8B08627178B41444FA19A41D8CE49A313A7503F5D9A42D7AA5CF8289A91273901CE5375C7BC6F6D4
                                                                                                              Malicious:false
                                                                                                              Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\2fca0dea-acd1-46c0-86ee-a6f4cba5a663.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                              Category:dropped
                                                                                                              Size (bytes):386528
                                                                                                              Entropy (8bit):7.9736851559892425
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                                              Malicious:false
                                                                                                              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\9ae3fe57-b39a-4caf-a769-8e48fa9ea60c.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                                              Category:dropped
                                                                                                              Size (bytes):758601
                                                                                                              Entropy (8bit):7.98639316555857
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                                              MD5:3A49135134665364308390AC398006F1
                                                                                                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                                              Malicious:false
                                                                                                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\c86c2b60-0a18-4e35-a89c-601c1e8c8ea1.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1419751
                                                                                                              Entropy (8bit):7.976496077007677
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:/gWL07oXGZIZwYIGNPJ5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:4WLxXGZIZwZGd3mlind9i4ufFXpAXkrj
                                                                                                              MD5:6455D4D4FB0840FC05FEC57993FD113B
                                                                                                              SHA1:E4115E9861BCCD2595E12947BCE232E89F589775
                                                                                                              SHA-256:7E396DED5CA9391334E4A4C39700F25D6DACEBBD80E63E1D4A19275165523916
                                                                                                              SHA-512:CC1088CB870FB226929D9B4200112678BD933A648809BE6CD682FE1EF78531EC92E9BE248CB09C7B71E98FDA63EB9BC92F783E54886E75C52185A1B281ABBF44
                                                                                                              Malicious:false
                                                                                                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\cfd3b46b-6a67-4b1b-8d14-408847b9e736.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1407294
                                                                                                              Entropy (8bit):7.97605879016224
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:GqA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLRGZgwYIGNPJe:5VB3mlind9i4ufFXpAXkrfUs03WLRGZV
                                                                                                              MD5:620018BE322B154A1012AA021224FFE3
                                                                                                              SHA1:1C0875D0F8BFE4B0439F086C5F5B4F67E33C5841
                                                                                                              SHA-256:5DF52E0C26060B44140DBF0C1D53CCED12B21959C732F1DFC0BB821CD6A4D9A1
                                                                                                              SHA-512:ED9FB2B38C0F2E628BFBA7005089C91591B3313906AC05F3BFFEC7281369605B31F22382A68670E4E62E616E94AB11FC04CA723AF0EC5D97719D3990956FEC4F
                                                                                                              Malicious:false
                                                                                                              Preview:...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U|}../xS}.q..B|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

                                                                                                              C:\Users\user\AppData\Local\Temp\olkD75F.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):65415
                                                                                                              Entropy (8bit):7.263143557580427
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:nMM7KvYG9V0ISHTEmYZ5hsgRmZRPqx4J0x/aknbmRvAT+NkwMIj+eOc2bs:nAQamY7h/RmZto4GCkyRYT+OwNEs
                                                                                                              MD5:12C243D61913688F476F99185FA0628E
                                                                                                              SHA1:A7F4FE832F85CE0B40092B8001DA647097D53AF3
                                                                                                              SHA-256:B5B59026D622E8EA43D381125FBBB7950D1B2A4A2E84164D640333572BF2EA35
                                                                                                              SHA-512:BAB0DA38C08B2E6D0BA85802321913C0B2E18FE8F0DD6A5E6F9C4769D9C88F7217D0AD1BDBDE408494BBB23368924DD7E174044D9D13EAAE12CEF52E97071EAA
                                                                                                              Malicious:false
                                                                                                              Preview:a...#+.]...uH[O.'u.C...RZ}..;N~='e.y.H.C4.$g..!................$..i.. .HG.u..\....%.c....-..:....r.....wZ.....Yt..p....1.B.........~.<...r.%..N...Y2....k.+..t...%.Y.....u...l7.|e...2....z.Jy.....(pn.IUj.a.*gWur....t6..@;.v"..X.Ga..g{.,.....z..Y.........sq....B....Y.]...Q....Tc!r.Q.Q_..0.=".=b.z.t..M.....O.nS..n....;....m].+w.J.d......ktr.K.1POA...]...M".\.y..5.7.y..,5..1.M#.v.F..........$...m...c...z(.0......w...h.1...=&W.[.[....}.."...*.!.......*c..M....@...(....OeXo.6l..W).n..J6....h.6...ah,.`.4F.J...r..u..?..a..f.C..t..OG~....'.4w..Q.a..&.d..i.]1\.{.^0t.4^.4W.N...S.'.S$....W...JU...4b...f.a...C..M.9T=Aq.e..R-PW.t...H.Pgh..7....b.Rl.a..T.U.Vi.Qif.r....S.Cj.:...r.1.....(.p...I..T..T.....e.S.Fq...n...k.u..A.S.*...*.o ;G....Uh.Q....u.N.l'.q..Sw....iJ...RL...q.1..ge...^..B..0.V..f..ti.+.J&..z.&...R).(D+T.J.|.M.../n*T.J..K..6...C...b+Q...)....H....S.j.G9..Y)...B1....,.(.b...,.S.je...|...".].W*..t.J.(....z..T.J.?..........kJ...OI.W...4g.....$...

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):30
                                                                                                              Entropy (8bit):1.172253928364927
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:26u1:2
                                                                                                              MD5:5CE22769BF4457144DFB3B289EC763A0
                                                                                                              SHA1:60A83644F7CD55DAB843F551F557720F3EB931B0
                                                                                                              SHA-256:0F58F595B45B024147E017E82E6088B24DD15B18A8F0D42F3FB3B614854D667A
                                                                                                              SHA-512:4F9ED3716E2E4CF88CB10001B31B30B5E60B6A400C7E91E4E70693DE7815E569E81BF0424BBDA92FBF30FCD5961E5852A8EC72BE442C67890BD8615ACA85A6CC
                                                                                                              Malicious:false
                                                                                                              Preview:..............................

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16384
                                                                                                              Entropy (8bit):0.6701310387594546
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:rl3baFEEqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheClgm:rHmnq1Py961em
                                                                                                              MD5:A4EDA144A7CDA5B75DB247483E4BE1A0
                                                                                                              SHA1:BC3C97B9AA4D0219ED2932BE7D9C8DE17BFAAA0A
                                                                                                              SHA-256:D60D303C1F4D6A1878C6E199A728BCFCD96EFC3D6964EB0D10CB1098BD144121
                                                                                                              SHA-512:EF59C205646357369BA909382764485DA6D2C5B70095C8D374FDCEC949569F15F92093B176A043E07251141C39EA875479A3CD52E35BFC8CAC330EB8F3475DDF
                                                                                                              Malicious:true
                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14
                                                                                                              Entropy (8bit):2.699513850319966
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:QGiWlG:QGbY
                                                                                                              MD5:C5A12EA2F9C2D2A79155C1BC161C350C
                                                                                                              SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
                                                                                                              SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
                                                                                                              SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
                                                                                                              Malicious:false
                                                                                                              Preview:..c.a.l.i.....

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:42:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2673
                                                                                                              Entropy (8bit):3.972583275412167
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:8Wd/T3HGHGidAKZdA1FehwiZUklqehty+3:8qTbay
                                                                                                              MD5:D2EDBC5D4DD77F15A51738FB9D702CA9
                                                                                                              SHA1:F47FFC7938D1FE1E58ABCF6A7EA346B15F05C4B7
                                                                                                              SHA-256:EECD3DC0CD2256ED245B8EC4ACB429744DAABB538CCFB78E27967B765575B5C3
                                                                                                              SHA-512:B6C510CAB73C88271115F582DAC5A965094F123A19DB0B481FC63683E6C511D24F2FD713E79C3FDE07F77D252CFED1405BFB18302E654EBC54A11BCD22A5B753
                                                                                                              Malicious:false
                                                                                                              Preview:L..................F.@.. ...$+.,....W"...*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I^Y.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YVm....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V^YVm....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V^YVm..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V^YWm...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\1\F.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:42:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2675
                                                                                                              Entropy (8bit):3.9897478124933
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:8md/T3HGHGidAKZdA1seh/iZUkAQkqehKy+2:8aTF9QLy
                                                                                                              MD5:2719005B37BFA45F2D4786AE3D775A77
                                                                                                              SHA1:DC63E0EC0D1CBEB9C155BC763D381E301673D8E8
                                                                                                              SHA-256:3FCCB21659D1070F8AFEC19F849C172724191C84D749ADEA0B6DA18B47AC5358
                                                                                                              SHA-512:8987E1890FB8C1A0FEF3CD5334D6995D054A267DD3B6ACE889E12DD77281DE630E2098A8744C1D0C42B5C177ADEDD3973E8BBC165EAA594FC073E4A008875039
                                                                                                              Malicious:false
                                                                                                              Preview:L..................F.@.. ...$+.,.....)...*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I^Y.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YVm....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V^YVm....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V^YVm..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V^YWm...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\1\F.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2689
                                                                                                              Entropy (8bit):4.000798810870449
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:8Rd/T3HAHGidAKZdA14meh7sFiZUkmgqeh7sAy+BX:8LTznWy
                                                                                                              MD5:C127462BDC89BBC096E1F9ED19CABC41
                                                                                                              SHA1:C31821300B63379961D4DD58082DCC60584BC6A8
                                                                                                              SHA-256:D8C408365613F8F3924EBCAC25E3DEE9117060D97503E77B017AEB01CB4152BD
                                                                                                              SHA-512:9D45DD70F9E36AADCCA069AC32ECA5EED141B8FE2FB211E68FBF5040322F48C8A018C25EE75FA892B6AF098137A78BCDC3248947CB1EC8D76541567A1B5C9622
                                                                                                              Malicious:false
                                                                                                              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I^Y.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YVm....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V^YVm....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V^YVm..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\1\F.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:42:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2677
                                                                                                              Entropy (8bit):3.990164029498934
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:8Vd/T3HGHGidAKZdA1TehDiZUkwqehOy+R:8HTWYy
                                                                                                              MD5:63DFA3FEB08B95C3D4EC5A1172679B64
                                                                                                              SHA1:C084433AB06CD82FC92192CE8FF59684E2F7C7BA
                                                                                                              SHA-256:73CCF238B9F2D2F5477C6D8DB7C855E93389EDF58E32E37BBEBE74A27DE9F620
                                                                                                              SHA-512:D37809393A5D70AD124D340DA72A64A6493022AA21F61A394F443B3B2DBEE1F425548327C4E03AAD253AFA6F8A2B127DECDDE4CDF50C757D3FEC3F6036D8C2A5
                                                                                                              Malicious:false
                                                                                                              Preview:L..................F.@.. ...$+.,.........*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I^Y.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YVm....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V^YVm....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V^YVm..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V^YWm...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\1\F.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:42:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2677
                                                                                                              Entropy (8bit):3.9779817688545447
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:8/a6d/T3HGHGidAKZdA1dehBiZUk1W1qeh8y+C:8/aGTW9cy
                                                                                                              MD5:87323B345BAAEB19767BF64E56D22EA0
                                                                                                              SHA1:84FAE091A8CA64D41E93043E7159E09E175D10B6
                                                                                                              SHA-256:993BAB58D0FD780EBD0633064463174949BFCA3CD143D397F1ED8BB8B9E76D2B
                                                                                                              SHA-512:5CC1EA8326284D0BA54B8676DB76BF13CB20C98E251B2AF3551C3487D6CE5863AA5BFCB6E1783F00049AC78EF962C46F296A33A775CF3924C17F51A6D2E99151
                                                                                                              Malicious:false
                                                                                                              Preview:L..................F.@.. ...$+.,.........*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I^Y.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YVm....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V^YVm....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V^YVm..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V^YWm...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\1\F.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 12:42:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2679
                                                                                                              Entropy (8bit):3.9866000334699203
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:8Hd/T3HGHGidAKZdA1duTeehOuTbbiZUk5OjqehOuTbWy+yT+:8RTsTfTbxWOvTbWy7T
                                                                                                              MD5:F9740FF4EF789CB37D428B0D552F6A08
                                                                                                              SHA1:653C54F8D583D1913C3F1B5F829DC0EF2C123595
                                                                                                              SHA-256:1AC01348838B93BCC32B39306806C57AA69C3E5A48204B04E3F6FC383BEE085A
                                                                                                              SHA-512:BC2C17CEE6E4CEF0C49B7F9AAB5BA503F725E2FA2E69F21CC4712FD73983C488183E85FE52CFB5791D61C5C501514D51BE8109D9339D56369F4971E2F626C9BB
                                                                                                              Malicious:false
                                                                                                              Preview:L..................F.@.. ...$+.,.....(..*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I^Y.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YVm....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V^YVm....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V^YVm..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V^YWm...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........\1\F.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                              C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:Microsoft Outlook email folder (>=2003)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2302976
                                                                                                              Entropy (8bit):1.5677571508285297
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:yH42FuDtAxzZQ0WMxKUividR/zjsS0ZawRIi:yHNoiTQIx6KESmLRI
                                                                                                              MD5:84F1A31636D34158E0CEAAE7D7121272
                                                                                                              SHA1:942BACC60A844318BEC2A5B13C1FBE6ADFC55551
                                                                                                              SHA-256:F2EAFF665A5C98F73AADF90501982039B67878906AB093FD922A98E721306977
                                                                                                              SHA-512:1DD527FEBE0D3611C7C1EABAB52D639E175A03A400154C4F8056E055FD40382F9A5032BC89A861C4FF26A6D035A29D04B42DDB93ACBC6E48125311DCB757F5CB
                                                                                                              Malicious:true
                                                                                                              Preview:!BDN;...SM......\...............@.......e................@...........@...@...................................@...........................................................................$#......D.......&..............?........4......<....................................................................................................................................................................................................................................................................................................|..._......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):393216
                                                                                                              Entropy (8bit):6.047715102715382
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:svXhFRH4/4g2xzh+0a3wKRlOidR9kjneHOEZT:+XhrH91b+7wPKueFT
                                                                                                              MD5:AFFE56A91EB9A345C06BDB7D56AF1AE6
                                                                                                              SHA1:5835497425AB6D6BC7646A6EC74C8316C93324FB
                                                                                                              SHA-256:2D8203B4A08484DE6AE0EABE303CCB2FBC4763BCCCF290952B583706CC47AABB
                                                                                                              SHA-512:27664B80B180D491B3D69369C04774F6C16FA12B59ED0E887A462C623720D9EEC8DF639664A99ECD72B0F01E2B3CFFABCC8884D5A37AF71B346CC1C45D01FBBF
                                                                                                              Malicious:true
                                                                                                              Preview:.Zh{C...........T....l6`.*....................#.!BDN;...SM......\...............@.......e................@...........@...@...................................@...........................................................................$#......D.......&..............?........4......<....................................................................................................................................................................................................................................................................................................|..._...l6`.*.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:RFC 822 mail, ASCII text, with very long lines (2177), with CRLF line terminators
                                                                                                              Entropy (8bit):6.091271300336115
                                                                                                              TrID:
                                                                                                              • E-Mail message (Var. 5) (54515/1) 100.00%
                                                                                                              File name:phish_alert_sp2_2.0.0.0.eml
                                                                                                              File size:306'488 bytes
                                                                                                              MD5:f7d379660cb12c8b8e6bb1781405ace0
                                                                                                              SHA1:921f525ae5ac591b54f1895305cf6e68f2c6b72c
                                                                                                              SHA256:e4a6b887fdf894a7033231b4980ad457d8c6f179710f6b6d035f864fd13bec39
                                                                                                              SHA512:ce4e5739eb97a5ca864a5d25cd63f1e923c40b546215716f114301b3c299ea5b493c518acf0976bbf29d6074a5508a5fcedc07a8ed010fe21f951f48523814b9
                                                                                                              SSDEEP:6144:Hdj7gLH9LHz2ufK2IXn0AnWZ61paxE3JTSYcvbCiy616RNY:Hdj7gLH9LCeY0Y1paxE32y61f
                                                                                                              TLSH:1F54E117BD961488B798D26F5F2BFE43A4439D3B288749E9327C4253A0ED7B31590C8E
                                                                                                              File Content Preview:Received: from YQXPR01MB5658.CANPRD01.PROD.OUTLOOK.COM.. (2603:10b6:c01:28::6) by YT3PR01MB10734.CANPRD01.PROD.OUTLOOK.COM with.. HTTPS; Wed, 30 Oct 2024 12:42:15 +0000..Received: from AS4P189CA0059.EURP189.PROD.OUTLOOK.COM.. (2603:10a6:20b:659::29) by YQ

                                                                                                              Static Mail

                                                                                                              General

                                                                                                              Subject:VENDOR ONBOARD PENDING READY FOR BUSINESS
                                                                                                              From:Aditya Pawar <aditya.pawar@siemens.com>
                                                                                                              To:Teresa Mateus <teresa.mateus@vontas.com>
                                                                                                              Cc:
                                                                                                              BCC:
                                                                                                              Date:Wed, 30 Oct 2024 12:39:59 +0000
                                                                                                              Communications:
                                                                                                              • EXTERNAL: Do not click links or open attachments if you do not recognize the sender.Hi There, For some reason we are missing/expired the attached document from your account, please fill and send out the document to have the account ready for business else the account may be blocked and difficult to created future purchase orders. With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS P Please do not print this e-mail unless necessary <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Aptos;} @font-face {font-family:Webdings; panose-1:5 3 1 2 1 5 9 6 7 3;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; font-size:11.0pt; font-family:"Aptos",sans-serif; mso-ligatures:standardcontextual;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Arial",sans-serif; color:windowtext; font-weight:normal; font-style:normal; text-decoration:none none;} .MsoChpDefault {mso-style-type:export-only; font-size:11.0pt;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --> EXTERNAL: Do not click links or open attachments if you do not recognize the sender.Hi There, For some reason we are missing/expired the attached document from your account, please fill and send out the document to have the account ready for business else the account may be blocked and difficult to created future purchase orders. With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS P Please do not print this e-mail unless necessary EXTERNAL: Do not click links or open attachments if you do not recognize the sender. EXTERNAL: Do not click links or open attachments if you do not recognize the sender. EXTERNAL: Do not click links or open attachments if you do not recognize the sender. Hi There, For some reason we are missing/expired the attached document from your account, please fill and send out the document to have the account ready for business else the account may be blocked and difficult to created future purchase orders. With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS P Please do not print this e-mail unless necessary Hi There, For some reason we are missing/expired the attached document from your account, please fill and send out the document to have the account ready for business else the account may be blocked and difficult to created future purchase orders. With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS P Please do not print this e-mail unless necessary Hi There, Hi There, For some reason we are missing/expired the attached document from your account, please fill and send out the document to have the account ready for business else the account may be blocked and difficult to created future purchase orders. For some reason we are missing/expired the attached document from your account, please fill and send out the document to have the account ready for business else the account may be blocked and difficult to created future purchase orders. With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS P Please do not print this e-mail unless necessary With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS P Please do not print this e-mail unless necessary With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS P Please do not print this e-mail unless necessary With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS P Please do not print this e-mail unless necessary With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602 With best regards,Aditya PawarSiemens Technology and Services Private LimitedGBS P2P IN PS 3 AM NAM2 2RGA Tech Park31/1, Sarjapura Main Road560035 Bengaluru, IndiaMobile: +91 8867942602 Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS Telephone: +1 (316) 219-5236mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS mailto:aditya.pawar@siemens.comwww.siemens.co.in/STS mailto:aditya.pawar@siemens.com mailto:aditya.pawar@siemens.com mailto:aditya.pawar@siemens.com www.siemens.co.in/STS https://urldefense.com/v3/__http://www.siemens.co.in/STS__;!!I_DbfM1H!AjGI2sfLm_pi02LFMHdVXfhDyY6ofvT-HghH4SPU0JomjiizbnHNsjCNBzHkgiUlGLWiiEuz9pw8wZJiOUq_7luqeQ$ www.siemens.co.in/STS P Please do not print this e-mail unless necessary P Please do not print this e-mail unless necessary
                                                                                                              Attachments:
                                                                                                              • image001.png
                                                                                                              • CoC-

                                                                                                              Headers

                                                                                                              Key Value
                                                                                                              Receivedfrom JH0PR06MB6775.apcprd06.prod.outlook.com ([fe80::7a60:e30e:cc15:2e5d]) by JH0PR06MB6775.apcprd06.prod.outlook.com ([fe80::7a60:e30e:cc15:2e5d%5]) with mapi id 15.20.8114.015; Wed, 30 Oct 2024 12:40:00 +0000
                                                                                                              Arc-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kOWwmz3sd7iqfs4I15grRczcGqp7skr8iI1R0uX6YPvSksN9GEibNUdlmHA1bk1TkSVKpiUBFN/cZGvMS8HJwwfMxTSv7HHjupQ9GNc7VW/dBP2Ed23l4PXZ82QMxUxtY/529YamI01Qx+R2OPc6xBwzQ3rAmN4jFaqYpI27ilXwpwefm8rNt4pHbJVQF5q0Cz8ZHc2+VhI8HtlNNLGdhBmPLYclKt+iSoHeO8gSm6MknDZISK936wIn/HYYd/UymQejCunx7Ftrskjy9pR8r5G9GoWRmaxglCFSWQzaFMElkR5vhvPVsMrkzqooOrzFz7KE5kmc2Y+zTEENbtJj7w==
                                                                                                              Arc-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hIJBeAkvVOrwhglE03fvz/DJOCJWpgH5K4schXszQV0=; b=e1LTQlkRZ/IJA3pczt6dpdP8LK04YUEI/bgg1Rp7D1vY+Ey2qlA++YLfr4oRBh/U/A5Suq7YtG/Y1yR89pSaRVdl8dscq8AE6GBYAoc8ihpD4qK+5nOQkbTxTjoYlcZrMOauK+Mej4yzSuV2fBWcxRtn7WXMsR3vhRJeMojI13ZXxxAD0BEF1pRdIm9U49kcnGDLKWhhKJo5T9eFr+DJVYsiaPLEdOwxnbQVP6Um2CYXqAX2TOVsEkLwVx8fNe1qH1DSiAXx19QQyiF3Nx/6upHKkAz/Tv12BcGye2E4xGgr/7q5w1BderL7m4azw4upASk7dVAsVVi4uCj6LGA5SA==
                                                                                                              Arc-Authentication-Resultsi=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
                                                                                                              Authentication-Resultsspf=fail (sender IP is 67.231.151.23) smtp.mailfrom=siemens.com; dkim=fail (body hash did not verify) header.d=siemens.com;dmarc=fail action=oreject header.from=siemens.com;compauth=none reason=451
                                                                                                              Received-SpfFail (protection.outlook.com: domain of siemens.com does not designate 67.231.151.23 as permitted sender) receiver=protection.outlook.com; client-ip=67.231.151.23; helo=mx0c-001a4c01.pphosted.com;
                                                                                                              Authentication-Results-Originalppops.net; spf=pass smtp.mailfrom=aditya.pawar@siemens.com; dkim=pass header.d=siemens.com header.s=selector2; dmarc=pass header.from=siemens.com
                                                                                                              Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hIJBeAkvVOrwhglE03fvz/DJOCJWpgH5K4schXszQV0=; b=HuwC4RMQ/p2V9ejHqroP2d0+16lUCe+gHjg7xB2aRQrJb4f+oaXgBO9CoWmfLa6U8uD3reRl9/XAvZbSYIvx1vuayEOXHIFIj1tS6Cke3GJ8lfNHToHLEil/qBlOkNq8+WVp75CdMOUw/S1QNp6otk2LxPgW6KEUGQAu0gH2yoPLNEMhYcqwe/zVG2zGxBIl/DlaJhSIjOLlZV2Gr+Xuh/AxPyzTwb8JtNPkr5bKEwcyVcLyZ1m3WLIllgTeJV2LfYY/BbKt/Tk8SxZ3eBxypVMv0LkY8yiaCywn7zHu/ttq75cqhdb2kyfEPartyWuZueUADcyYPjpIGNdSmKefgw==
                                                                                                              FromAditya Pawar <aditya.pawar@siemens.com>
                                                                                                              SubjectVENDOR ONBOARD PENDING READY FOR BUSINESS
                                                                                                              Thread-TopicVENDOR ONBOARD PENDING READY FOR BUSINESS
                                                                                                              Thread-IndexAdsqyIkm2mDCOheOTs2W92UZoyv0hg==
                                                                                                              Importancehigh
                                                                                                              X-Priority1
                                                                                                              DateWed, 30 Oct 2024 12:39:59 +0000
                                                                                                              Message-Id <JH0PR06MB67754BE62ED0ADAD7974F4A784542@JH0PR06MB6775.apcprd06.prod.outlook.com>
                                                                                                              Accept-Languageen-US
                                                                                                              Content-Languageen-US
                                                                                                              X-Ms-Has-Attachyes
                                                                                                              Msip_labels MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_ActionId=35fbb567-d7d3-4bbb-beb3-f73caf6fbb2a;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_ContentBits=0;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Enabled=true;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Method=Standard;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Name=restricted;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_SetDate=2024-10-30T12:33:06Z;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;
                                                                                                              X-Ms-Traffictypediagnostic JH0PR06MB6775:EE_|JH0PR06MB6703:EE_|AM2PEPF0001C716:EE_|DBAP191MB1180:EE_|YQXPR01MB5658:EE_|YT3PR01MB10734:EE_
                                                                                                              X-Ms-Office365-Filtering-Correlation-Id 63364fde-12e7-4e98-c67a-08dcf8e044a0
                                                                                                              X-Ms-Exchange-Senderadcheck1
                                                                                                              X-Ms-Exchange-Antispam-Relay0
                                                                                                              X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|1800799024|366016|376014|38070700018|8096899003;
                                                                                                              X-Microsoft-Antispam-Message-Info-Original howXX63enyw4o4u7KKRt22uIuk2OoVNE6bsJr7/FolSj6EkjUn9COUQgWAqaE+inTjO4K8RH1k/bBF06kX+1GDsPG/hhNeKe45sta/0yDJua1TadvEWas/Imp/zfml9TmeEwVbp3rKBai7rdsPEbivxb0xSzQOKGGVBUuOWfL0l8k23nbgkZHtgQJ6p1X7OZbPuO5P8Y6+Y/LXKOvbb5Dr2VOsU7u6iScUdNblnb5oHAoInodm3kuSnT/9N6fMY68oxPmk6rkac65YdtLkRIqwQuEUNlcUPfEUdal7tHKBVm1IRy3Y7zaYwcgdgkO9KwHWRV5OUUbePWTKdsNiDX+wXaoRHUeJtD86x0kT0s6WzDqjQcgo3zR1iyxWWhkrlW0k0fZFfURNdQnlWHdVII0IjTUWaNHjXpU6Ihy7vC+SUwv+1bnFPnokF6jM5fxNY/jsBpLvYkVqczDI1X1y7bLuPSQUYaoFb4mmFHMh1SyzBrl3TQ1hpsEM6MBGzcgCJhViRr4ZM9WweBiQ3lS5sds8ugV3nIAsIKGlKV0wIUOQqLVCPxRuIy3Es+JzLilF+TcPRCbiZ+GG9NLfaklYQ5CUJpmaCflr5AFEG1LgMiN+ZDHqBHhXMRvvCjZLEB89sz0VQmd2IpfR30ql8x3kdRNphVHP7eHeVzbaSuz8n9fKUkTgnUMBceoG8D3q3cxsE7uy1+RyAfueEt08P43y/2I/0itUCLkd5CHFOSqcGK49cz/+nUQEMeXoiZFxm4p1BOjVtGqlqD8Of8krsVKHG3vQAyo5Ii8TULerh/sarVc0T9CgWQsHFaH/nybvWO37JwqJ0WJ9nXmVDKFU48/s3g5pgpgnJV7w1vlunIx1u9+UASGgnL5inIXA1e4GDnt6JOml8vUhpttmXVxViigTbyy5OeRZrHYTTiASACDdENswbia+CGBPtrqiMaJFEPwxYlGcMi2z7VIsiuRYNVr/G7kho4oRO2TvPveyOxLyl9m/Mrf4ngE70f8PqXE+j1A7Sh0BqSHFLYi50rNxJaN1ZJE35UAwE7bNU1UhVneN4AZOz8njrUofCMbsiSB+Dj88nPh36YIHRLxZxasRYICrnRpRiKCZgHgc+tK0kCkuu67mrKIikMrFs/JmLBXS0uKOIkxInzSaJ/TMrz8dTdgL2q+doBeepYrtt77e76BlDf6raqpF8rG2z9QC/A16tu9CnNvUMi5Q/yux0Bbk9BKdTzTJJ0d0fNx1RO8by/KVIoA6OiGYRAVl6gG66rcWh98HrmCKZ0Ut6tZMyehOM0AJH7Tg==
                                                                                                              X-Forefront-Antispam-Report-Untrusted CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:JH0PR06MB6775.apcprd06.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018)(8096899003);DIR:OUT;SFP:1101;
                                                                                                              Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17302935913010.5573141845277747"
                                                                                                              X-Ms-Exchange-Transport-CrosstenantheadersstampedDBAP191MB1180
                                                                                                              X-Proofpoint-Orig-Guid1feRIUJ172T3kLIOQhR4GVWjx6W4LdWZ
                                                                                                              X-Clx-ShadesDeliver
                                                                                                              X-Proofpoint-GuidmUmRnsS0_7PYCP2FEkxU2wPPM_MfF6tC
                                                                                                              X-Clx-Response 1TFkXGxsaGREKTHoXGx0SEQpZRBdgX0kYelhucm1EcBEKWFgXY1BQH2ZtR3s BSHIRCnhOF2t+GGNQZ0xeGkBeEQp5TBdmYhhQYHBaSXJ8fBEKQ0gXHRoRCkNZFwcZHx4RCkNJFx oEGhoaEQpZTRduT0ZDXE9YEQpfWRcfHBoRCl9NF2dmchEKWUkXGnEaEBp3BhsTHHEbEhkQGncGG BoGGhEKWV4XbGx5EQpJRhdcRUZLWENZdUJFWV5PThEKSUcXeE9NEQpDThcbTE94Y39gGx0YfhlB ZmNle0J4Hm18fUBSHH0eZk59cBEKWFwXHwQaBBkdHQUbGgQbGxoEGxkeBBkfEBseGh8aEQpeWRd PfBIeHxEKTVwXGBwdEQpMWhd4aU1FaxEKRVkXQxEKTF8XegUFBQUFBQUFARsRCkxGF29va2N7a2 sRCkJPF2hDRlgYGGVnXEBEEQpDWhceGgQbGh0EGxsdBB4fEQpCXhcbEQpZRRcZEQpFSRcbEQpFZ hcbEQpEXhcaEQpCXBcbEQpeThcbEQpCSxdrfhhjUGdMXhpAXhEKQkkXa34YY1BnTF4aQF4RCkJF F2xzXBITGklQUGUZEQpCThdrfhhjUGdMXhpAXhEKQkwXY1BQH2ZtR3sBSHIRCkJsF2Qfbn0FZ39 ZQB1QEQpCQBdjbVhzcB5wTWgBQxEKQlgXbkdMRxJMTm4cGEQRCk1eFxsRClpYFx8RCnlDF3odTn h4UktaWVpMEQpZSxcbGRMbGxEKcGcXbnNDGGZtSE0bbm0QGxgTEQpwaBdvYW5dZRpjcB5IBRAeG hEKcGgXYBtuSElsbhJNRHgQGx8TEQpwaBdoWHx9a3gZTn5IfxAZGhEKcGgXaV1yYB1Mc35EWgUQ Gx4cEQpwaBdnRH5AREtLQRtdehAZGhEKcGgXbUh4fmMeYlNkRmAQGRoRCnBoF2BoR2ZuHxhiTVJ uEBkaEQpwaBdtGEhQGU94SX5uRRAZGhEKcGMXbEQeaxlHbURfTBMQGRoRCnBsF2xQWHseRRpmSU ZlEBkaEQptfhcbEQpYTRdLESA=
                                                                                                              MIME-Version1.0
                                                                                                              X-ProofpointheaderYes
                                                                                                              X-Proofpoint-Virus-Versionvendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-30_10,2024-10-30_01,2024-09-30_01
                                                                                                              X-Proofpoint-Spam-Detailsrule=inbound_notspam policy=inbound score=0 malwarescore=0 spamscore=0 adultscore=0 bulkscore=0 priorityscore=178 impostorscore=0 clxscore=1103 phishscore=0 suspectscore=0 lowpriorityscore=0 mlxscore=0 mlxlogscore=999 classifier=clx:Deliver adjust=0 reason=mlx scancount=2 engine=8.21.0-2409260000 definitions=main-2410300099 domainage_hfrom=13911
                                                                                                              Return-Pathaditya.pawar@siemens.com
                                                                                                              X-Ms-Exchange-Organization-Expirationstarttime30 Oct 2024 12:42:08.7517 (UTC)
                                                                                                              X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                                                                                                              X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                                                                                                              X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                                                                                                              X-Ms-Exchange-Organization-Network-Message-Id 63364fde-12e7-4e98-c67a-08dcf8e044a0
                                                                                                              X-Eopattributedmessage0
                                                                                                              X-Eoptenantattributedmessage75c696ec-5bfb-4892-9a0c-9187a9061cd6:0
                                                                                                              X-Ms-Exchange-Organization-MessagedirectionalityIncoming
                                                                                                              X-Ms-Exchange-Transport-Crosstenantheadersstripped AM2PEPF0001C716.eurprd05.prod.outlook.com
                                                                                                              X-Ms-PublictraffictypeEmail
                                                                                                              X-Ms-Office365-Filtering-Correlation-Id-Prvs 1aa31c3f-39dd-4f76-605f-08dcf8dff7e2
                                                                                                              X-Ms-Exchange-Organization-Scl-1
                                                                                                              X-Microsoft-Antispam BCL:0;ARA:13230040|82310400026|35042699022|5073199012|4073199012|8096899003|4076899003;
                                                                                                              X-Forefront-Antispam-Report CIP:67.231.151.23;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:mx0c-001a4c01.pphosted.com;PTR:mx0d-001a4c01.pphosted.com;CAT:NONE;SFS:(13230040)(82310400026)(35042699022)(5073199012)(4073199012)(8096899003)(4076899003);DIR:INB;
                                                                                                              X-Ms-Exchange-Crosstenant-Originalarrivaltime30 Oct 2024 12:42:08.3299 (UTC)
                                                                                                              X-Ms-Exchange-Crosstenant-Network-Message-Id 63364fde-12e7-4e98-c67a-08dcf8e044a0
                                                                                                              X-Ms-Exchange-Crosstenant-Id75c696ec-5bfb-4892-9a0c-9187a9061cd6
                                                                                                              X-Ms-Exchange-Crosstenant-Authsource AM2PEPF0001C716.eurprd05.prod.outlook.com
                                                                                                              X-Ms-Exchange-Crosstenant-AuthasAnonymous
                                                                                                              X-Ms-Exchange-Crosstenant-FromentityheaderInternet
                                                                                                              X-Ms-Exchange-Organization-Authsource AM2PEPF0001C716.eurprd05.prod.outlook.com
                                                                                                              X-Ms-Exchange-Organization-AuthasAnonymous
                                                                                                              X-Ms-Exchange-Transport-Endtoendlatency00:00:07.5844868
                                                                                                              X-Ms-Exchange-Processed-By-Bccfoldering15.20.8093.027
                                                                                                              X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                                                                                              X-Microsoft-Antispam-Message-Info 5GufznBIiRs1OIdlcxJRWnRv/NATBEqmgBV1WBnw02TrpSjCKfqCE8YmZ/us3BxABvtG279jg8rSdaDSFdo4rAPKeJjxmDyMs8PLqrdV3e/xvQjqkVvrxkSxJn7cQLu5QA8QK3Rwhm67CO6Q+g/52o7mWfuz6Uhs4yBpo/9DJfz7Ce3Gfje7xSenOkX5Id6mJb/1hhhC6xLyoFgwlNW+JgPdYSqlKe5Jy92w1yob+Iw5HcFBQ7pyTaDSC/FjWzGesKN8qtj5JVYsSVXL/D/HvwjMCViiz/5lysvpCzl4GynPP8XCWpicCcw5HQ/oTDwag/5peF0EzVpAM7VoRNKcXyI2uUmuexdXbL0XoM4JsQPRte3JQeHU+zOwI1L5Ien7OmIoNrvufMhvvjM80xzjhOrDaedsMEuVf+XnYPIH6EMdsNX7yYKo1CpXEPFiCfaXPyBrGEz3kZeVTQlwws7reo9uPMu2Jiu8mqBosLYoQv75XGVpVp2BPb2ksAcW5sV2sd/U3JKZgcDzkIHfXO4YGS0SUK09yduz3HAaCsBVO18bTVIHF2EEKbs/HTMolFNYvYQgn01ItEAXy5vo4QWPzHY4QYFKI9JBF6WO+dxWie5lVlfJ8Fxp3P+Wz3LuHnuYwyZLRqOx8gj4UDgOeJA97KRM3sCZ/7PLR7heC2RWUpqZZkapw4428lv5D+Ha36vuNTgA7YNmgRrSZl3LAN7cgI4OCpG2vV6BT5NnXxwzXkkLC4nzdVtVSBagGbNwVJLtD8t50y9DMKCyrkfZe+AMk/xpv/IXoTmrFqdlPZo4nUv6uXSPxU9qDvPLrlG7v9eQKoZ+xoP8JdRymLuh6ertKHzYwm1FFAOxXTc6/vjOFO8GVDHU4kFFzFCdzq3npJGxev4hSwV2TnZFHYz1OZu4swlJcvXsZx7vJZw+SEBQBPfWCuxSQ8qjdW6cMJh68NivawOvWzi1anDBTycXBN8WD8wecmf1ljUoISDnUIs0xJHi4JPEWHRaj73+iJY96BWzGSIZuskozwb5NX2QwhQ2ZkcOZ5a9HmA0OyOI0n5QxRsktExjrUlFycAZsWuJ0iiY1DTU0IHX7X/BMvk1px//IVNmirX35nZVhwx38/+0jaX/SDJw8/6hVMvLmN7QHoAc4Q88+gV8FFka8ZblX3TbOtOEN1aS44XC2GudHMElFuqIHzD/5D45P3vK51U2O1xRbPA+/Ta9MvViVIqxQMIva3P5AYIBuEIWM2HLpmncn+U6dcv2jwX8o03u0EWBNZBzDmWjCo38RX/J9j5xjf3vdv5DuHiw8jK1PjriVcDMAprEzEc9Tw4A0/EvC7KQCsqWx7UXO68pD76AFRDKjq4lUQ4C+fnaMZ1t4eXwtSoHK7vmH0Iwkw+oN6enWkC5MDcRy7wr+bP6H+ApfSTRcP+I/8C1272AQgjgGvthyWPaxCgsjnTwQUWV3L18ebVBv+nw1k0A2m5kQ0IOCeuW4kcR4I4CbRdn30iEI9dsjsWxL6xHK1SXyfGiRxV4Ua/q7D91owxhWJe6XOwkNaFhMkxvPSk46hb8SrSVN6s8obWdu4l5HACdpsIPw6KzasOifakRuM0HFxTUfItg4O35G9FZ9MIl9Gqvix3UMbmhkqz0g+Mt5An4gAU4ic36NWC6mtEXAne7HJUPRneCBgCgn0erPPjlRvHLSvnLi1lbNnhuUuTwNsvSkUZHEnTAG/P42Qyy6d+AqY0Yo2YyegTl+xEqrvPTZGTYceo/VnnuTqizaIFLfrUGu8PGtf90DU1fuzkOzG+ZlSe6RfwhPIZhHbkMlJMbwIWEGGHgzePdbKmbi6UtS4UfOT7C/x0kRig52/0ndJvd7ME0PLxx45PiVizc7RS4hZRpqbtWnCuYF1Um9ftpEOAeZjkacMzlDDP4PJmoaC92/K2SXHdiiwzvHpZYjsufZaDPNtd3/Et/NuuMTiSNjzpfdfH5+ywnHK0t9yYOlZarD55B/92tIFXknweRadfL6BINKJMSEcepSl3eDFeq4o7fmDqD2+YXN525NTjYNvyGZcCUpv9gSWUJx+4xoGizOKw3CIckN/d87SF+T/F/1FSb3cCvSYxm/CcBGP9MYiCKtXndKSH4U08egnXSjZzREBc/4qTFmXYL4dRop4Y2P8imrwzb5w9fFhvN1Brq
                                                                                                              ToTeresa Mateus <teresa.mateus@vontas.com>
                                                                                                              Content-Transfer-Encoding7bit

                                                                                                              File Icon

                                                                                                              Icon Hash:46070c0a8e0c67d6

                                                                                                              Network Behavior

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Oct 30, 2024 14:41:07.848767042 CET49673443192.168.2.16204.79.197.203
                                                                                                              Oct 30, 2024 14:41:08.152466059 CET49673443192.168.2.16204.79.197.203
                                                                                                              Oct 30, 2024 14:41:08.760411024 CET49673443192.168.2.16204.79.197.203
                                                                                                              Oct 30, 2024 14:41:09.970412016 CET49673443192.168.2.16204.79.197.203
                                                                                                              Oct 30, 2024 14:41:12.375366926 CET49673443192.168.2.16204.79.197.203
                                                                                                              Oct 30, 2024 14:41:15.167808056 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:15.167849064 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:15.167932034 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:15.168994904 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:15.169009924 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:15.182291985 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:15.182336092 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:15.182415009 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:15.183407068 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:15.183420897 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.005637884 CET49678443192.168.2.1620.189.173.10
                                                                                                              Oct 30, 2024 14:41:16.275352001 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.275434017 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.293339968 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.293437004 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.304088116 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.304121971 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.304487944 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.307045937 CET49678443192.168.2.1620.189.173.10
                                                                                                              Oct 30, 2024 14:41:16.354382992 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.447976112 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.448010921 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.448378086 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.454916000 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.454945087 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.454991102 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.479790926 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.523338079 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.852812052 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.852847099 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.852859974 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.852878094 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.852917910 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.852943897 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.852957010 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.852962017 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.853007078 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.853164911 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.853224039 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.853230000 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.857768059 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.857795954 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.857831955 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.857871056 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.857889891 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.857912064 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.858551979 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.858572960 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.858710051 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.858736038 CET4434970740.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.858797073 CET49707443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:16.865412951 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.865430117 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.865444899 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.865626097 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.865665913 CET443497084.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:16.865715981 CET49708443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:16.908459902 CET49678443192.168.2.1620.189.173.10
                                                                                                              Oct 30, 2024 14:41:17.041980982 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:17.042026043 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:17.042120934 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:17.042490959 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:17.042505026 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:17.178417921 CET49673443192.168.2.16204.79.197.203
                                                                                                              Oct 30, 2024 14:41:18.119411945 CET49678443192.168.2.1620.189.173.10
                                                                                                              Oct 30, 2024 14:41:18.169846058 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.170568943 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.170592070 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.174751997 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.174757957 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.174819946 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.174829960 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.599268913 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.599294901 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.599349022 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.599375010 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.599401951 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.599420071 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.599889994 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.599905014 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.599915028 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.600092888 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.600127935 CET4434971240.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.600303888 CET49712443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.680959940 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.681003094 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:18.681209087 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.681515932 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:18.681530952 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:19.792721033 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:19.792788029 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:19.795214891 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:19.795228004 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:19.795474052 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:19.795901060 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:19.795957088 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:19.795970917 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.148967028 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.148991108 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.149029970 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.149056911 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:20.149065971 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.149107933 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:20.149446011 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:20.149476051 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:20.149621010 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.149655104 CET4434971340.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.149699926 CET49713443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:20.233261108 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:20.233299017 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.233567953 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:20.233711958 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:20.233724117 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:20.484577894 CET4968080192.168.2.16192.229.211.108
                                                                                                              Oct 30, 2024 14:41:20.532412052 CET49678443192.168.2.1620.189.173.10
                                                                                                              Oct 30, 2024 14:41:20.802392006 CET4968080192.168.2.16192.229.211.108
                                                                                                              Oct 30, 2024 14:41:21.335858107 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.336860895 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:21.336879015 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.337644100 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:21.337649107 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.337704897 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:21.337712049 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.340997934 CET4968980192.168.2.16192.229.211.108
                                                                                                              Oct 30, 2024 14:41:21.341119051 CET4969180192.168.2.16192.229.221.95
                                                                                                              Oct 30, 2024 14:41:21.411406994 CET4968080192.168.2.16192.229.211.108
                                                                                                              Oct 30, 2024 14:41:21.734460115 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.734519005 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.734560013 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.734590054 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:21.734596014 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.734642982 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:21.735075951 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:21.735088110 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.735101938 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:21.735462904 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.735546112 CET4434971640.126.32.74192.168.2.16
                                                                                                              Oct 30, 2024 14:41:21.735640049 CET49716443192.168.2.1640.126.32.74
                                                                                                              Oct 30, 2024 14:41:22.621422052 CET4968080192.168.2.16192.229.211.108
                                                                                                              Oct 30, 2024 14:41:25.028443098 CET4968080192.168.2.16192.229.211.108
                                                                                                              Oct 30, 2024 14:41:25.346560001 CET49678443192.168.2.1620.189.173.10
                                                                                                              Oct 30, 2024 14:41:26.790544033 CET49673443192.168.2.16204.79.197.203
                                                                                                              Oct 30, 2024 14:41:29.831439018 CET4968080192.168.2.16192.229.211.108
                                                                                                              Oct 30, 2024 14:41:34.951481104 CET49678443192.168.2.1620.189.173.10
                                                                                                              Oct 30, 2024 14:41:39.440560102 CET4968080192.168.2.16192.229.211.108
                                                                                                              Oct 30, 2024 14:41:53.227931023 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:53.227972031 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:53.228081942 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:53.228533983 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:53.228549957 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.342524052 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.342636108 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.346642971 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.346653938 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.347125053 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.354799032 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.395323992 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.727047920 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.727118969 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.727174997 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.727214098 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.727291107 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.727360010 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.727360010 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.844242096 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.844315052 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.844371080 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.844428062 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.844459057 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.844611883 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.844646931 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.844671965 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:41:54.845046997 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.845141888 CET443497254.175.87.197192.168.2.16
                                                                                                              Oct 30, 2024 14:41:54.845199108 CET49725443192.168.2.164.175.87.197
                                                                                                              Oct 30, 2024 14:42:24.287909031 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:24.287967920 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:24.288043022 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:24.298207998 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:24.298233986 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.059823036 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.059911966 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.154442072 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.154478073 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.154833078 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.154932022 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.157257080 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.199361086 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.301511049 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.301561117 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.301589966 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.301592112 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.301620007 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.301641941 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.301661968 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.301668882 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.301668882 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.301675081 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.301704884 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.301728010 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.301948071 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.301990032 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.302151918 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.302206993 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.302237988 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.302258968 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.302263975 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.302289009 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.302308083 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.303742886 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.303911924 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:25.303966999 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.304419994 CET49727443192.168.2.1613.107.5.88
                                                                                                              Oct 30, 2024 14:42:25.304441929 CET4434972713.107.5.88192.168.2.16
                                                                                                              Oct 30, 2024 14:42:26.532335997 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:26.532377005 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:26.534778118 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:26.535013914 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:26.535032034 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:27.627906084 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:27.627990961 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:27.631568909 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:27.631581068 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:27.631694078 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:27.631700039 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:27.631874084 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:27.631928921 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:27.869324923 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:27.869437933 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:27.869461060 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:27.869525909 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:27.869942904 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:27.869981050 CET4434972951.104.136.2192.168.2.16
                                                                                                              Oct 30, 2024 14:42:27.870038986 CET49729443192.168.2.1651.104.136.2
                                                                                                              Oct 30, 2024 14:42:44.208467960 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:44.208499908 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:44.208700895 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:44.208864927 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:44.208878994 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.076181889 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.076890945 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:45.076905966 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.078610897 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.078701973 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:45.081252098 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:45.081343889 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.082144022 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:45.082154989 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.133605957 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:45.255481958 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.255680084 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.256932020 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:45.256947994 CET4434973152.71.28.102192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.256958961 CET49731443192.168.2.1652.71.28.102
                                                                                                              Oct 30, 2024 14:42:45.299931049 CET4973480192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:42:45.305310965 CET804973413.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.305408001 CET4973480192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:42:45.305581093 CET4973480192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:42:45.311429024 CET804973413.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.056510925 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:42:49.056600094 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.056713104 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:42:49.056972027 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:42:49.057020903 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.917968988 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.918845892 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:42:49.918879986 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.920401096 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.920475006 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:42:49.921677113 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:42:49.921777010 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.962644100 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:42:49.962677002 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:50.010631084 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:42:59.927819967 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:59.927889109 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:42:59.927946091 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:43:00.443154097 CET49736443192.168.2.16142.250.185.100
                                                                                                              Oct 30, 2024 14:43:00.443172932 CET44349736142.250.185.100192.168.2.16
                                                                                                              Oct 30, 2024 14:43:15.311727047 CET804973413.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:43:15.311835051 CET4973480192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:15.312299967 CET4973480192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:15.317712069 CET804973413.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:43:16.348689079 CET4973880192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:16.348802090 CET4973980192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:16.354311943 CET804973813.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:43:16.354336977 CET804973913.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:43:16.354396105 CET4973880192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:16.354419947 CET4973980192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:16.354609013 CET4973980192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:16.359927893 CET804973913.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:43:17.846196890 CET804973913.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:43:17.886909008 CET4973980192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:17.893059015 CET49740443192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:17.893110991 CET4434974013.32.27.94192.168.2.16
                                                                                                              Oct 30, 2024 14:43:17.893202066 CET49740443192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:17.893410921 CET49740443192.168.2.1613.32.27.94
                                                                                                              Oct 30, 2024 14:43:17.893426895 CET4434974013.32.27.94192.168.2.16

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Oct 30, 2024 14:41:34.252357960 CET6442553192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:42:12.188152075 CET138138192.168.2.16192.168.2.255
                                                                                                              Oct 30, 2024 14:42:44.197483063 CET6222253192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:42:44.197689056 CET6368853192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:42:44.205359936 CET53533431.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:42:44.206312895 CET53636881.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:42:44.206556082 CET53622221.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:42:44.217602015 CET53603971.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.269104004 CET5309153192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:42:45.269260883 CET6183453192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:42:45.296358109 CET53530911.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:42:45.297230005 CET53618341.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.047691107 CET5428453192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:42:49.047842026 CET6309353192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:42:49.055124044 CET53542841.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:42:49.055533886 CET53630931.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:43:17.508558035 CET53553641.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:43:17.848151922 CET5609253192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:43:17.848324060 CET5028653192.168.2.161.1.1.1
                                                                                                              Oct 30, 2024 14:43:17.880840063 CET53502861.1.1.1192.168.2.16
                                                                                                              Oct 30, 2024 14:43:17.892577887 CET53560921.1.1.1192.168.2.16

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                              Oct 30, 2024 14:41:34.252357960 CET192.168.2.161.1.1.10x7886Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:44.197483063 CET192.168.2.161.1.1.10x9926Standard query (0)urldefense.comA (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:44.197689056 CET192.168.2.161.1.1.10x4847Standard query (0)urldefense.com65IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:45.269104004 CET192.168.2.161.1.1.10xdfa2Standard query (0)www.siemens.co.inA (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:45.269260883 CET192.168.2.161.1.1.10x7441Standard query (0)www.siemens.co.in65IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:49.047691107 CET192.168.2.161.1.1.10xebd7Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:49.047842026 CET192.168.2.161.1.1.10xeb5dStandard query (0)www.google.com65IN (0x0001)false
                                                                                                              Oct 30, 2024 14:43:17.848151922 CET192.168.2.161.1.1.10xebc6Standard query (0)www.siemens.co.inA (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:43:17.848324060 CET192.168.2.161.1.1.10x3f86Standard query (0)www.siemens.co.in65IN (0x0001)false

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                              Oct 30, 2024 14:41:13.838579893 CET1.1.1.1192.168.2.160x767bNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:41:13.838579893 CET1.1.1.1192.168.2.160x767bNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:41:34.261320114 CET1.1.1.1192.168.2.160x7886No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:41:35.145807981 CET1.1.1.1192.168.2.160xa4abNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:41:35.145807981 CET1.1.1.1192.168.2.160xa4abNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:41:47.776972055 CET1.1.1.1192.168.2.160xc50cNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:41:47.776972055 CET1.1.1.1192.168.2.160xc50cNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:44.206556082 CET1.1.1.1192.168.2.160x9926No error (0)urldefense.com52.71.28.102A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:44.206556082 CET1.1.1.1192.168.2.160x9926No error (0)urldefense.com52.204.90.22A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:44.206556082 CET1.1.1.1192.168.2.160x9926No error (0)urldefense.com52.6.56.188A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:45.296358109 CET1.1.1.1192.168.2.160xdfa2No error (0)www.siemens.co.ind3cvvob82dpuhl.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:45.296358109 CET1.1.1.1192.168.2.160xdfa2No error (0)d3cvvob82dpuhl.cloudfront.net13.32.27.94A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:45.296358109 CET1.1.1.1192.168.2.160xdfa2No error (0)d3cvvob82dpuhl.cloudfront.net13.32.27.100A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:45.296358109 CET1.1.1.1192.168.2.160xdfa2No error (0)d3cvvob82dpuhl.cloudfront.net13.32.27.26A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:45.296358109 CET1.1.1.1192.168.2.160xdfa2No error (0)d3cvvob82dpuhl.cloudfront.net13.32.27.68A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:45.297230005 CET1.1.1.1192.168.2.160x7441No error (0)www.siemens.co.ind3cvvob82dpuhl.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:49.055124044 CET1.1.1.1192.168.2.160xebd7No error (0)www.google.com142.250.185.100A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:42:49.055533886 CET1.1.1.1192.168.2.160xeb5dNo error (0)www.google.com65IN (0x0001)false
                                                                                                              Oct 30, 2024 14:43:17.880840063 CET1.1.1.1192.168.2.160x3f86No error (0)www.siemens.co.ind3cvvob82dpuhl.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:43:17.892577887 CET1.1.1.1192.168.2.160xebc6No error (0)www.siemens.co.ind3cvvob82dpuhl.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:43:17.892577887 CET1.1.1.1192.168.2.160xebc6No error (0)d3cvvob82dpuhl.cloudfront.net13.32.27.94A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:43:17.892577887 CET1.1.1.1192.168.2.160xebc6No error (0)d3cvvob82dpuhl.cloudfront.net13.32.27.26A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:43:17.892577887 CET1.1.1.1192.168.2.160xebc6No error (0)d3cvvob82dpuhl.cloudfront.net13.32.27.100A (IP address)IN (0x0001)false
                                                                                                              Oct 30, 2024 14:43:17.892577887 CET1.1.1.1192.168.2.160xebc6No error (0)d3cvvob82dpuhl.cloudfront.net13.32.27.68A (IP address)IN (0x0001)false

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • login.live.com
                                                                                                              • slscr.update.microsoft.com
                                                                                                              • outlookmobile-office365-tas.msedge.net
                                                                                                              • settings.data.microsoft.com
                                                                                                              • urldefense.com
                                                                                                              • www.siemens.co.in

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.164973413.32.27.94807884C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Oct 30, 2024 14:42:45.305581093 CET435OUTGET /STS HTTP/1.1
                                                                                                              Host: www.siemens.co.in
                                                                                                              Connection: keep-alive
                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-US,en;q=0.9


                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                              1192.168.2.164973913.32.27.9480
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Oct 30, 2024 14:43:16.354609013 CET461OUTGET /STS HTTP/1.1
                                                                                                              Host: www.siemens.co.in
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: max-age=0
                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              Oct 30, 2024 14:43:17.846196890 CET804INHTTP/1.1 301 Moved Permanently
                                                                                                              Content-Length: 0
                                                                                                              Connection: keep-alive
                                                                                                              Server: C2 Comms Cloud (6a1cb8da)
                                                                                                              Date: Wed, 30 Oct 2024 13:43:17 GMT
                                                                                                              Location: https://www.siemens.co.in/STS
                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                              Expires: Wed, 30 Oct 2024 13:43:17 GMT
                                                                                                              X-Rule-ID: force-https
                                                                                                              X-Rule-Source: internal
                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              X-LaE-Region: eu-central-1
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-Cache: Miss from cloudfront
                                                                                                              Via: 1.1 fdc45b521af7652438141328494a79d2.cloudfront.net (CloudFront)
                                                                                                              X-Amz-Cf-Pop: FRA56-C2
                                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                                              X-Amz-Cf-Id: WXzsraHrRCnT3yneBjx0xHua-NUhQ8D-VqyHG815c7n9wImegpvVrA==


                                                                                                              HTTPS Proxied Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.164970740.126.32.74443
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:41:16 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                              Connection: Keep-Alive
                                                                                                              Content-Type: application/soap+xml
                                                                                                              Accept: */*
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                              Content-Length: 3592
                                                                                                              Host: login.live.com
                                                                                                              2024-10-30 13:41:16 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                              2024-10-30 13:41:16 UTC569INHTTP/1.1 200 OK
                                                                                                              Cache-Control: no-store, no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                                              Expires: Wed, 30 Oct 2024 13:40:16 GMT
                                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              x-ms-route-info: C538_SN1
                                                                                                              x-ms-request-id: cb48cffa-4e68-41ab-b699-e6513bdd6f9d
                                                                                                              PPServer: PPV: 30 H: SN1PEPF0003F5BE V: 0
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Date: Wed, 30 Oct 2024 13:41:16 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 11392
                                                                                                              2024-10-30 13:41:16 UTC11392INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              1192.168.2.16497084.175.87.197443
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:41:16 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4o16CG2dFkhrV+L&MD=fhyU57l+ HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                              Host: slscr.update.microsoft.com
                                                                                                              2024-10-30 13:41:16 UTC560INHTTP/1.1 200 OK
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Content-Type: application/octet-stream
                                                                                                              Expires: -1
                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                              MS-CorrelationId: d6ef863a-ca06-4040-8a71-9df818ee8ae6
                                                                                                              MS-RequestId: 6ce33179-c049-44ec-ad89-5e32bf20fab8
                                                                                                              MS-CV: 3JBRLZbKIkinfXli.0
                                                                                                              X-Microsoft-SLSClientCache: 2880
                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Date: Wed, 30 Oct 2024 13:41:16 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 24490
                                                                                                              2024-10-30 13:41:16 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                              Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                              2024-10-30 13:41:16 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                              Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              2192.168.2.164971240.126.32.74443
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:41:18 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                              Connection: Keep-Alive
                                                                                                              Content-Type: application/soap+xml
                                                                                                              Accept: */*
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                              Content-Length: 4775
                                                                                                              Host: login.live.com
                                                                                                              2024-10-30 13:41:18 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                              2024-10-30 13:41:18 UTC569INHTTP/1.1 200 OK
                                                                                                              Cache-Control: no-store, no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                                              Expires: Wed, 30 Oct 2024 13:40:18 GMT
                                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              x-ms-route-info: C538_BAY
                                                                                                              x-ms-request-id: 5bd65aea-f02d-4968-aff0-1f0e114c1e28
                                                                                                              PPServer: PPV: 30 H: PH1PEPF00011E8C V: 0
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Date: Wed, 30 Oct 2024 13:41:18 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 11412
                                                                                                              2024-10-30 13:41:18 UTC11412INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              3192.168.2.164971340.126.32.74443
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:41:19 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                              Connection: Keep-Alive
                                                                                                              Content-Type: application/soap+xml
                                                                                                              Accept: */*
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                              Content-Length: 4775
                                                                                                              Host: login.live.com
                                                                                                              2024-10-30 13:41:19 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                              2024-10-30 13:41:20 UTC569INHTTP/1.1 200 OK
                                                                                                              Cache-Control: no-store, no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                                              Expires: Wed, 30 Oct 2024 13:40:19 GMT
                                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              x-ms-route-info: C538_BL2
                                                                                                              x-ms-request-id: dd42e8ee-9393-4fa3-81e5-4fe8ce2ee51b
                                                                                                              PPServer: PPV: 30 H: BL02EPF0001D702 V: 0
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Date: Wed, 30 Oct 2024 13:41:19 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 11412
                                                                                                              2024-10-30 13:41:20 UTC11412INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              4192.168.2.164971640.126.32.74443
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:41:21 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                              Connection: Keep-Alive
                                                                                                              Content-Type: application/soap+xml
                                                                                                              Accept: */*
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                              Content-Length: 4762
                                                                                                              Host: login.live.com
                                                                                                              2024-10-30 13:41:21 UTC4762OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                              2024-10-30 13:41:21 UTC569INHTTP/1.1 200 OK
                                                                                                              Cache-Control: no-store, no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                                              Expires: Wed, 30 Oct 2024 13:40:21 GMT
                                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              x-ms-route-info: C538_BAY
                                                                                                              x-ms-request-id: 1f16f307-60ec-4090-9e72-48b681b5cc8b
                                                                                                              PPServer: PPV: 30 H: PH1PEPF00018BCA V: 0
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Date: Wed, 30 Oct 2024 13:41:21 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 10197
                                                                                                              2024-10-30 13:41:21 UTC10197INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              5192.168.2.16497254.175.87.197443
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:41:54 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4o16CG2dFkhrV+L&MD=fhyU57l+ HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                              Host: slscr.update.microsoft.com
                                                                                                              2024-10-30 13:41:54 UTC560INHTTP/1.1 200 OK
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Content-Type: application/octet-stream
                                                                                                              Expires: -1
                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                              MS-CorrelationId: 33b65b15-a1d9-4dc4-96fa-589b4459743d
                                                                                                              MS-RequestId: 3fe5881a-7e87-4d1f-b274-d545655fdb5f
                                                                                                              MS-CV: 1sMdYJydN0aN+PFY.0
                                                                                                              X-Microsoft-SLSClientCache: 1440
                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Date: Wed, 30 Oct 2024 13:41:54 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 30005
                                                                                                              2024-10-30 13:41:54 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                                              Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                                              2024-10-30 13:41:54 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                                              Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              6192.168.2.164972713.107.5.88443
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:42:25 UTC530OUTGET /ab?clientId=B5786FF8-3453-4616-B94D-5348C714CD0F HTTP/1.1
                                                                                                              X-OfficeApp-BuildVersion: 16.0.11629.20316
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              X-OfficeApp-Platform: universal
                                                                                                              X-OfficeApp-Language: en-CH
                                                                                                              X-OutlookMobile-Architecture: x64
                                                                                                              X-OutlookMobile-BuildFlavor: ship
                                                                                                              X-OutlookMobile-Environment: Production
                                                                                                              X-OfficeApp-MsoVersion: 10.0.19045
                                                                                                              X-OutlookMobile-HxServiceAccounts: None
                                                                                                              Content-Length: 0
                                                                                                              Content-Encoding: gzip
                                                                                                              Host: outlookmobile-office365-tas.msedge.net
                                                                                                              Connection: Keep-Alive
                                                                                                              Cache-Control: no-cache
                                                                                                              2024-10-30 13:42:25 UTC438INHTTP/1.1 200 OK
                                                                                                              Content-Length: 11251
                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                              ETag: 1849393600_1582350289
                                                                                                              Strict-Transport-Security: max-age=2592000
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-ExP-TrackingId: 44dac4a4-668c-4799-8f1b-c571cf00363c
                                                                                                              X-Cache: CONFIG_NOCACHE
                                                                                                              X-MSEdge-Ref: Ref A: 6E4230518B884217A3CD660E57A99226 Ref B: DFW311000108023 Ref C: 2024-10-30T13:42:25Z
                                                                                                              Date: Wed, 30 Oct 2024 13:42:24 GMT
                                                                                                              Connection: close
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 7b 22 46 65 61 74 75 72 65 73 22 3a 5b 22 6f 75 75 6e 69 31 32 32 31 22 2c 22 65 78 70 66 72 66 6c 74 6f 75 75 6e 69 31 32 32 31 22 2c 22 6f 75 66 69 72 31 37 33 31 22 2c 22 6f 75 6d 61 6e 33 32 32 31 22 2c 22 6f 75 75 73 65 36 38 37 31 22 2c 22 6f 75 69 6e 74 31 33 30 31 22 2c 22 6f 75 63 61 6c 38 32 38 31 22 2c 22 6f 75 6d 61 69 31 33 36 31 22 2c 22 6f 75 73 69 6e 37 38 39 31 22 2c 22 6f 75 63 61 6c 34 35 34 31 22 2c 22 6f 75 62 72 65 35 30 30 31 22 2c 22 6f 75 61 74 74 37 31 35 31 22 2c 22 6f 75 68 78 68 36 34 31 31 22 2c 22 6f 75 72 65 70 31 35 39 31 22 2c 22 6f 75 63 61 6c 38 36 38 31 22 2c 22 6f 75 65 6e 68 33 34 37 31 22 2c 22 6f 75 6d 61 69 38 38 38 31 22 2c 22 6f 75 69 6e 74 32 35 37 31 22 2c 22 6f 75 6d 61 72 39 30 34 31 22 2c 22 6f 75 6d 69 63
                                                                                                              Data Ascii: {"Features":["ouuni1221","expfrfltouuni1221","oufir1731","ouman3221","ouuse6871","ouint1301","oucal8281","oumai1361","ousin7891","oucal4541","oubre5001","ouatt7151","ouhxh6411","ourep1591","oucal8681","ouenh3471","oumai8881","ouint2571","oumar9041","oumic
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 6f 75 73 74 6f 37 37 32 31 22 2c 22 6f 75 64 6f 6e 37 30 32 31 22 2c 22 6f 75 65 6e 61 32 34 31 30 22 2c 22 6f 75 73 74 6f 34 37 32 22 2c 22 6f 66 66 6c 69 6e 65 73 65 61 72 63 68 61 76 6f 69 64 61 70 70 6f 69 6e 74 6d 65 6e 74 69 6e 73 74 61 6e 63 65 69 6e 64 65 78 69 6e 67 22 2c 22 6f 6d 69 6e 61 6c 6c 64 6f 6e 65 66 69 78 65 64 22 2c 22 73 68 72 69 6e 6b 74 65 6c 65 6d 65 74 72 79 66 6f 72 6d 65 74 61 64 61 74 61 22 2c 22 6f 75 73 65 61 37 38 31 22 2c 22 6f 75 63 61 6c 32 34 36 22 2c 22 64 69 73 6d 69 73 73 22 2c 22 6f 75 75 73 69 35 35 38 22 2c 22 6f 75 6d 33 36 38 34 30 22 2c 22 6f 75 61 6c 77 34 33 37 22 2c 22 75 6e 65 6e 34 30 34 63 66 22 2c 22 6f 75 75 73 65 73 6d 74 70 63 6c 69 65 6e 74 76 32 22 2c 22 63 6f 6d 70 72 65 73 73 65 64 73 65 72 76 69
                                                                                                              Data Ascii: ousto7721","oudon7021","ouena2410","ousto472","offlinesearchavoidappointmentinstanceindexing","ominalldonefixed","shrinktelemetryformetadata","ousea781","oucal246","dismiss","ouusi558","oum36840","oualw437","unen404cf","ouusesmtpclientv2","compressedservi
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 30 30 31 22 2c 22 31 74 6f 22 3a 22 6f 75 61 74 74 37 31 35 31 22 2c 22 31 74 6d 22 3a 22 6f 75 68 78 68 36 34 31 31 22 2c 22 31 74 6c 22 3a 22 6f 75 72 65 70 31 35 39 31 22 2c 22 31 74 6b 22 3a 22 6f 75 63 61 6c 38 36 38 31 22 2c 22 31 74 69 22 3a 22 6f 75 65 6e 68 33 34 37 31 22 2c 22 31 74 68 22 3a 22 6f 75 6d 61 69 38 38 38 31 22 2c 22 31 74 62 22 3a 22 6f 75 69 6e 74 32 35 37 31 22 2c 22 31 74 61 22 3a 22 6f 75 6d 61 72 39 30 34 31 22 2c 22 31 74 39 22 3a 22 6f 75 6d 69 63 34 31 36 31 22 2c 22 31 74 38 22 3a 22 6f 75 6d 6f 64 39 33 30 31 22 2c 22 31 74 37 22 3a 22 6f 75 6d 75 6c 37 36 39 31 22 2c 22 31 74 35 22 3a 22 6f 75 6e 61 76 37 30 30 31 22 2c 22 31 74 31 22 3a 22 6f 75 73 65 61 37 31 37 31 22 2c 22 31 73 78 22 3a 22 6f 75 73 75 70 33 34 38 31
                                                                                                              Data Ascii: 001","1to":"ouatt7151","1tm":"ouhxh6411","1tl":"ourep1591","1tk":"oucal8681","1ti":"ouenh3471","1th":"oumai8881","1tb":"ouint2571","1ta":"oumar9041","1t9":"oumic4161","1t8":"oumod9301","1t7":"oumul7691","1t5":"ounav7001","1t1":"ousea7171","1sx":"ousup3481
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 34 30 31 22 2c 22 67 36 36 22 3a 22 6f 75 69 6d 6d 32 33 32 31 22 2c 22 67 6a 32 22 3a 22 6f 75 69 6e 6b 33 31 34 31 22 2c 22 67 70 68 22 3a 22 6f 75 65 6d 6f 38 37 36 31 22 2c 22 67 75 30 22 3a 22 6f 75 65 6e 61 34 30 36 31 63 66 22 2c 22 68 31 68 22 3a 22 6f 75 63 61 6c 34 37 35 31 22 2c 22 68 31 69 22 3a 22 6f 75 73 79 6e 37 30 32 31 22 2c 22 68 76 64 22 3a 22 6f 75 73 68 6f 33 36 33 31 22 2c 22 69 6d 74 22 3a 22 6f 75 73 79 6e 33 37 37 31 22 2c 22 6a 35 6b 22 3a 22 6f 75 75 70 73 31 36 35 31 22 2c 22 6a 75 73 22 3a 22 6f 75 64 65 66 36 35 39 31 22 2c 22 6c 33 61 22 3a 22 6f 75 65 6e 68 39 32 38 31 22 2c 22 6d 6b 38 22 3a 22 6f 75 73 79 6e 38 30 37 31 22 2c 22 6d 6c 62 22 3a 22 6f 75 68 78 73 37 33 34 31 22 2c 22 6e 61 6c 22 3a 22 6f 75 73 79 6e 34 33
                                                                                                              Data Ascii: 401","g66":"ouimm2321","gj2":"ouink3141","gph":"ouemo8761","gu0":"ouena4061cf","h1h":"oucal4751","h1i":"ousyn7021","hvd":"ousho3631","imt":"ousyn3771","j5k":"ouups1651","jus":"oudef6591","l3a":"ouenh9281","mk8":"ousyn8071","mlb":"ouhxs7341","nal":"ousyn43
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 6f 67 67 6c 65 5f 73 75 70 70 6f 72 74 70 6f 70 22 2c 22 36 35 69 74 22 3a 22 73 74 6f 70 63 61 6c 65 6e 64 61 72 72 65 6d 69 6e 64 65 72 73 77 68 65 6e 74 6f 67 67 6c 65 64 22 2c 22 36 36 32 65 22 3a 22 6e 65 77 61 70 70 65 78 69 74 61 6c 6c 61 70 70 73 6f 6e 6e 65 77 61 70 70 6c 61 75 6e 63 68 22 2c 22 36 38 61 73 22 3a 22 6e 65 77 61 70 70 70 65 72 6d 61 74 6f 67 67 6c 65 76 69 61 63 61 6c 6c 62 61 63 6b 66 69 6c 65 32 22 2c 22 36 39 74 6a 22 3a 22 6e 65 77 61 70 70 74 6f 67 67 6c 65 63 61 6d 70 61 69 67 6e 66 33 22 2c 22 36 76 63 62 22 3a 22 6e 65 77 61 70 70 75 6e 72 65 67 69 73 74 65 72 62 61 63 6b 74 61 73 6b 73 77 68 65 6e 74 6f 67 67 6c 65 22 2c 22 36 76 77 61 22 3a 22 6e 65 77 61 70 70 75 6e 72 65 67 69 73 74 65 72 62 61 63 6b 74 61 73 6b 73 77
                                                                                                              Data Ascii: oggle_supportpop","65it":"stopcalendarreminderswhentoggled","662e":"newappexitallappsonnewapplaunch","68as":"newapppermatoggleviacallbackfile2","69tj":"newapptogglecampaignf3","6vcb":"newappunregisterbacktaskswhentoggle","6vwa":"newappunregisterbacktasksw
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 46 69 72 73 74 52 75 6e 46 6f 72 54 61 73 6b 62 61 72 41 63 74 69 76 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 45 6e 61 62 6c 65 4c 64 61 70 53 65 72 76 69 63 65 46 6f 72 53 69 67 6e 65 64 43 65 72 74 69 66 69 63 61 74 65 73 22 3a 74 72 75 65 2c 22 45 6e 61 62 6c 65 4d 69 73 73 69 6e 67 44 61 74 46 69 6c 65 4c 6f 67 67 69 6e 67 22 3a 66 61 6c 73 65 2c 22 45 6e 63 6f 75 6e 74 65 72 65 64 54 65 61 63 68 69 6e 67 43 6f 6e 64 69 74 69 6f 6e 73 4c 6f 67 67 69 6e 67 22 3a 74 72 75 65 2c 22 45 6e 68 61 6e 63 65 64 4c 6f 63 61 74 69 6f 6e 55 49 22 3a 74 72 75 65 2c 22 45 6e 68 61 6e 63 65 64 53 79 6e 63 48 65 61 6c 74 68 54 65 6c 65 6d 65 74 72 79 22 3a 74 72 75 65 2c 22 46 65 61 74 75 72 65 50 72 6f 6d 6f 74 69 6f 6e 73 43 6f 6e 74 72 6f 6c 46 6c 69 67 68 74 32
                                                                                                              Data Ascii: FirstRunForTaskbarActivation":false,"EnableLdapServiceForSignedCertificates":true,"EnableMissingDatFileLogging":false,"EncounteredTeachingConditionsLogging":true,"EnhancedLocationUI":true,"EnhancedSyncHealthTelemetry":true,"FeaturePromotionsControlFlight2
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 6e 73 69 74 79 22 3a 74 72 75 65 2c 22 4d 69 63 72 6f 73 6f 66 74 54 6f 44 6f 4c 61 75 6e 63 68 65 72 22 3a 74 72 75 65 2c 22 4d 6f 64 65 72 6e 51 75 69 63 6b 49 74 65 6d 22 3a 74 72 75 65 2c 22 4d 75 6c 74 69 54 65 72 6d 57 6f 72 64 48 69 74 48 69 67 68 6c 69 67 68 74 69 6e 67 22 3a 74 72 75 65 2c 22 4e 61 76 50 61 6e 65 41 64 73 22 3a 74 72 75 65 2c 22 4e 61 76 50 61 6e 65 44 65 6e 73 69 74 79 22 3a 74 72 75 65 2c 22 4e 61 76 50 61 6e 65 50 72 6f 6d 6f 74 69 6f 6e 54 65 78 74 32 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 41 6c 6c 6f 77 41 75 74 6f 54 6f 67 67 6c 65 53 75 70 70 6f 72 74 50 6f 70 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 44 69 73 61 6c 6c 6f 77 41 75 74 6f 54 6f 67 67 6c 65 56 69 61 43 61 6c 6c 62 61 63 6b 46 69 6c 65 22 3a 74 72 75 65 2c
                                                                                                              Data Ascii: nsity":true,"MicrosoftToDoLauncher":true,"ModernQuickItem":true,"MultiTermWordHitHighlighting":true,"NavPaneAds":true,"NavPaneDensity":true,"NavPanePromotionText2":true,"NewAppAllowAutoToggleSupportPop":true,"NewAppDisallowAutoToggleViaCallbackFile":true,
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 72 63 68 53 75 67 67 65 73 74 69 6f 6e 73 55 49 49 6d 70 72 6f 76 65 6d 65 6e 74 73 22 3a 74 72 75 65 2c 22 53 65 61 72 63 68 54 6f 70 52 65 73 75 6c 74 73 22 3a 74 72 75 65 2c 22 53 65 6e 64 45 6d 70 74 79 41 61 64 54 6f 6b 65 6e 42 72 6f 6b 65 72 53 63 6f 70 65 22 3a 74 72 75 65 2c 22 53 65 72 76 69 63 65 44 65 6c 69 76 65 72 79 4f 66 54 65 61 63 68 69 6e 67 43 6f 6e 74 65 6e 74 73 22 3a 74 72 75 65 2c 22 53 68 61 72 65 43 61 6c 65 6e 64 61 72 55 49 22 3a 74 72 75 65 2c 22 53 68 6f 75 6c 64 55 70 67 72 61 64 65 54 6f 52 53 33 22 3a 74 72 75 65 2c 22 53 68 6f 77 4e 61 76 50 61 6e 65 54 6f 44 6f 53 77 69 74 63 68 65 72 22 3a 74 72 75 65 2c 22 53 68 6f 77 4f 75 74 6c 6f 6f 6b 4d 6f 62 69 6c 65 50 72 6f 6d 6f 49 6e 41 63 63 6f 75 6e 74 73 41 6c 6c 44 6f 6e
                                                                                                              Data Ascii: rchSuggestionsUIImprovements":true,"SearchTopResults":true,"SendEmptyAadTokenBrokerScope":true,"ServiceDeliveryOfTeachingContents":true,"ShareCalendarUI":true,"ShouldUpgradeToRS3":true,"ShowNavPaneToDoSwitcher":true,"ShowOutlookMobilePromoInAccountsAllDon
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 6c 22 3a 74 72 75 65 2c 22 55 73 65 42 6c 75 72 65 64 49 6d 61 67 65 4f 6e 46 69 72 73 74 52 75 6e 22 3a 74 72 75 65 2c 22 55 73 65 48 74 6d 6c 50 72 6f 63 65 73 73 6f 72 46 6f 72 42 6f 64 79 50 72 6f 63 65 73 73 69 6e 67 22 3a 74 72 75 65 2c 22 55 73 65 48 74 74 70 52 65 71 75 65 73 74 73 49 6e 73 74 65 61 64 4f 66 53 6f 63 6b 65 74 73 22 3a 74 72 75 65 2c 22 55 73 65 4e 65 6f 6e 22 3a 74 72 75 65 2c 22 55 73 65 53 6d 74 70 43 6c 69 65 6e 74 76 32 22 3a 74 72 75 65 2c 22 55 73 65 53 54 4c 4c 69 62 72 61 72 79 49 6e 49 6e 64 65 78 50 61 67 65 22 3a 74 72 75 65 2c 22 55 73 65 54 68 69 6e 53 65 6c 65 63 74 69 6f 6e 49 6e 64 69 63 61 74 6f 72 46 6f 72 4e 65 6f 6e 22 3a 74 72 75 65 2c 22 55 73 69 6e 67 41 70 70 4c 6f 63 61 6c 65 4e 61 6d 65 22 3a 74 72 75 65
                                                                                                              Data Ascii: l":true,"UseBluredImageOnFirstRun":true,"UseHtmlProcessorForBodyProcessing":true,"UseHttpRequestsInsteadOfSockets":true,"UseNeon":true,"UseSmtpClientv2":true,"UseSTLLibraryInIndexPage":true,"UseThinSelectionIndicatorForNeon":true,"UsingAppLocaleName":true
                                                                                                              2024-10-30 13:42:25 UTC1024INData Raw: 30 3b 6f 75 69 6e 74 37 38 35 31 3a 32 36 31 37 38 31 3b 6f 75 73 68 61 35 37 34 31 3a 32 39 38 39 30 39 3b 6f 75 73 69 6d 34 36 37 31 3a 33 30 34 36 37 34 3b 6f 75 73 6b 69 34 33 37 31 3a 32 36 32 36 35 35 3b 6f 75 66 69 72 33 32 32 31 3a 32 36 32 36 36 32 3b 6f 75 73 65 61 38 34 39 31 3a 33 31 33 38 30 31 3b 6f 75 63 61 6c 33 32 36 31 3a 33 30 32 32 33 37 3b 6f 75 6a 75 6e 36 35 37 31 3a 32 38 32 32 33 39 3b 6f 75 63 61 6c 31 30 37 31 3a 33 39 32 39 33 32 3b 6f 75 66 69 72 33 37 37 31 3a 33 30 31 38 33 38 3b 6f 75 68 74 6d 37 34 39 31 3a 33 30 38 38 34 38 3b 6f 75 69 6d 6d 34 38 31 31 3a 33 30 30 31 36 36 34 39 3b 6f 75 63 61 6c 32 35 39 31 3a 33 38 36 34 35 37 3b 6f 75 6d 65 73 37 32 37 31 3a 32 39 38 39 36 33 3b 6f 75 75 73 65 37 37 31 31 3a 33 31 32
                                                                                                              Data Ascii: 0;ouint7851:261781;ousha5741:298909;ousim4671:304674;ouski4371:262655;oufir3221:262662;ousea8491:313801;oucal3261:302237;oujun6571:282239;oucal1071:392932;oufir3771:301838;ouhtm7491:308848;ouimm4811:30016649;oucal2591:386457;oumes7271:298963;ouuse7711:312


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              7192.168.2.164972951.104.136.2443
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:42:27 UTC409OUTGET /settings/v2.0/office/olx?app=microsoft.windowscommunicationsapps&appVer=16.0.11629.20316&locale=en-CH&os=WINDOWS&osVer=10.0.19045&deviceClass=Windows.Desktop&deviceId=B5786FF8-3453-4616-B94D-5348C714CD0F&ring=7 HTTP/1.1
                                                                                                              Accept: */*
                                                                                                              User-Agent: microsoft.windowscommunicationsapps
                                                                                                              Accept-Language: en-CH
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Host: settings.data.microsoft.com
                                                                                                              Connection: Keep-Alive
                                                                                                              2024-10-30 13:42:27 UTC560INHTTP/1.1 200 OK
                                                                                                              Cache-Control: no-cache,no-store
                                                                                                              Content-Length: 194
                                                                                                              Content-Type: application/json;charset=utf-8
                                                                                                              ETag: 263:AE654997ABC9A917
                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Content-Security-Policy: script-src https://settings-sandbox.data.microsoft.com https://settings-ppe.data.microsoft.com https://settings.data.microsoft.com http://onesettings-xbox-rp.com https://settings-win.data.microsoft.com
                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                              Date: Wed, 30 Oct 2024 13:42:27 GMT
                                                                                                              Connection: close
                                                                                                              2024-10-30 13:42:27 UTC194INData Raw: 7b 22 72 65 66 72 65 73 68 49 6e 74 65 72 76 61 6c 22 3a 22 32 36 33 22 2c 22 71 75 65 72 79 55 72 6c 22 3a 22 2f 73 65 74 74 69 6e 67 73 2f 76 32 2e 30 2f 6f 66 66 69 63 65 2f 6f 6c 78 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 41 4c 4c 4f 57 47 4d 41 49 4c 41 44 44 41 43 43 4f 55 4e 54 22 3a 22 30 22 2c 22 46 4f 52 43 45 47 4d 41 49 4c 48 41 4e 44 42 41 43 4b 22 3a 22 30 22 2c 22 46 4f 52 43 45 47 4d 41 49 4c 48 41 4e 44 4f 46 46 22 3a 22 30 22 2c 22 46 4f 52 43 45 48 41 4e 44 42 41 43 4b 22 3a 22 30 22 2c 22 46 4f 52 43 45 48 41 4e 44 4f 46 46 22 3a 22 31 30 30 22 7d 7d
                                                                                                              Data Ascii: {"refreshInterval":"263","queryUrl":"/settings/v2.0/office/olx","settings":{"ALLOWGMAILADDACCOUNT":"0","FORCEGMAILHANDBACK":"0","FORCEGMAILHANDOFF":"0","FORCEHANDBACK":"0","FORCEHANDOFF":"100"}}


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              8192.168.2.164973152.71.28.1024437884C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-10-30 13:42:45 UTC794OUTGET /v3/__http:/www.siemens.co.in/STS__;!!I_DbfM1H!AjGI2sfLm_pi02LFMHdVXfhDyY6ofvT-HghH4SPU0JomjiizbnHNsjCNBzHkgiUlGLWiiEuz9pw8wZJiOUq_7luqeQ$ HTTP/1.1
                                                                                                              Host: urldefense.com
                                                                                                              Connection: keep-alive
                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Sec-Fetch-Site: none
                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                              Sec-Fetch-User: ?1
                                                                                                              Sec-Fetch-Dest: document
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              2024-10-30 13:42:45 UTC356INHTTP/1.1 302 Found
                                                                                                              Date: Wed, 30 Oct 2024 13:42:45 GMT
                                                                                                              Content-Length: 0
                                                                                                              Connection: close
                                                                                                              Location: http://www.siemens.co.in/STS
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              X-Robots-Tag: noindex, nofollow
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Security-Policy: default-src 'self';


                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Target ID:1
                                                                                                              Start time:09:41:08
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
                                                                                                              Imagebase:0x330000
                                                                                                              File size:34'446'744 bytes
                                                                                                              MD5 hash:91A5292942864110ED734005B7E005C0
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:3
                                                                                                              Start time:09:41:11
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "45854816-28C8-43AE-B3A1-5B9CB7FCBAD7" "FD07CE83-88CA-4AAB-98D5-8B666B516E2F" "2900" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                                                              Imagebase:0x7ff778ad0000
                                                                                                              File size:710'048 bytes
                                                                                                              MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:11
                                                                                                              Start time:09:41:19
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\C6SGVVAC\CoC- _.pdf"
                                                                                                              Imagebase:0x7ff7b3520000
                                                                                                              File size:5'641'176 bytes
                                                                                                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:12
                                                                                                              Start time:09:41:20
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                              Imagebase:0x7ff6a9b60000
                                                                                                              File size:3'581'912 bytes
                                                                                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:13
                                                                                                              Start time:09:41:21
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,2850293778313205684,17181352970453802899,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                              Imagebase:0x7ff6a9b60000
                                                                                                              File size:3'581'912 bytes
                                                                                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:18
                                                                                                              Start time:09:42:22
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
                                                                                                              Imagebase:0x7ff731ef0000
                                                                                                              File size:2'486'784 bytes
                                                                                                              MD5 hash:6F8EAC2C377C8F16D91CB5AC8B8DBF5F
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:22
                                                                                                              Start time:09:42:25
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
                                                                                                              Imagebase:0x7ff765180000
                                                                                                              File size:274'432 bytes
                                                                                                              MD5 hash:6FEB00C9A2C3FF66230658B3012BAB6A
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:23
                                                                                                              Start time:09:42:42
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__http:/www.siemens.co.in/STS__;!!I_DbfM1H!AjGI2sfLm_pi02LFMHdVXfhDyY6ofvT-HghH4SPU0JomjiizbnHNsjCNBzHkgiUlGLWiiEuz9pw8wZJiOUq_7luqeQ$
                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                              File size:3'242'272 bytes
                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:24
                                                                                                              Start time:09:42:43
                                                                                                              Start date:30/10/2024
                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1804,i,11570297093855634459,16413912245633909466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                              File size:3'242'272 bytes
                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Disassembly

                                                                                                              No disassembly