Windows Analysis Report
000001 (5).jpg

Overview

General Information

Sample name: 000001 (5).jpg
Analysis ID: 1566841
MD5: 8379568464d8a4253eb8623701ad8c04
SHA1: 6b457dadfcc171b39fcb2028b4e51aef8f61322f
SHA256: 326390f2e71521df5d9f2e6f49dcb51ec0119faa146c48fe03a78c55f386913f

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64_ra
  • AccountsControlHost.exe (PID: 1828 cmdline: "C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe" -ServerName:App.AppX20qnn98vxw5bhxrjtb1f6rggecb2k15a.mca MD5: B5771BB2E606873149277940FFB4BCB5)
  • WWAHost.exe (PID: 1228 cmdline: "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa MD5: 69318AE264A1E45ED570CEDCDC4B7B69)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown; HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: Joe Sandbox View; IP Address: 152.199.21.175
Source: Joe Sandbox View; JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: global traffic; HTTP traffic detected:
  GET /16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: text/css,*/*;q=0.1
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css HTTP/1.1
  Origin: https://login.live.com
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: text/css,*/*;q=0.1
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: lgincdnvzeuno.azureedge.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /16.000/content/js/WinJS_vcvx4TydCFioSeM4NLxTDw2.js HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: */*
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_xKLYpPR3cTz1G2q-i7i0Kw2.js HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: */*
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.js HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: */*
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: */*
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1
  Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
  Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: logincdn.msftauth.net
  Connection: Keep-Alive
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: logincdn.msftauth.net
Source: WWAHost.exe, 0000000D.00000003.1543568434.000002403F3D9000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2052563822.000002403F3D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?platform=Windows10&id=80604&clientid=S-1-15-2-222695
Source: WWAHost.exe, 0000000D.00000002.2069041711.0000024040444000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2114441817.00000240558D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/post.srf?mkt=en-GB&platform=Windows10&id=80604&clientid=S-1-15-2-222
Source: WWAHost.exe, 0000000D.00000002.2076884579.0000024040A33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/t/
Source: WWAHost.exe, 0000000D.00000002.2078584237.0000024040B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/t;
Source: WWAHost.exe, 0000000D.00000002.2024208970.000002403E166000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline-ppe.com/WebApp/NextGenCredentials/
Source: WWAHost.exe, 0000000D.00000002.2037367102.000002403EB50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/
Source: WWAHost.exe, 0000000D.00000002.2023886655.000002403E130000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/CloudDomainJoin/
Source: WWAHost.exe, 0000000D.00000002.2023886655.000002403E130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/ConnectAADAccount/ion4.-3&
Source: WWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/DeviceDisplayName/
Source: WWAHost.exe, 0000000D.00000002.2069041711.0000024040444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/DeviceSubscription/
Source: WWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/NextGenCredentials/
Source: WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/OtaDomainJoin/
Source: WWAHost.exe, 0000000D.00000002.2014411576.000002402D7B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/OtaDomainJoin/https://login.microsoftonline.com/WebApp/Auto
Source: WWAHost.exe, 0000000D.00000002.2014411576.000002402D7B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/OtaDomainJoin/https://login.microsoftonline.com/WebApp/Wind
Source: WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/UnifiedEnrollment/
Source: WWAHost.exe, 0000000D.00000002.2024589629.000002403E170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/WebApp/WindowsLogon/
Source: WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/
Source: WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/ost
Source: WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/ost
Source: WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.partner.microsoftonline.cn/
Source: WWAHost.exe, 0000000D.00000002.2023886655.000002403E130000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/
Source: WWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/AutoPilot/A
Source: WWAHost.exe, 0000000D.00000002.2015226443.000002402D810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/CloudDomainJoin/https://login.microsoftonline.com/WebApp/OtaDom
Source: WWAHost.exe, 0000000D.00000002.2014411576.000002402D7B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/ConnectAADAccount/https://login.windows-ppe.net/WebApp/CloudDom
Source: WWAHost.exe, 0000000D.00000002.2014411576.000002402D7B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/DeviceDisplayName/ms-appx-web://microsoft.cloudexperiencehost.t
Source: WWAHost.exe, 0000000D.00000002.2069041711.0000024040444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/DeviceSubscription/
Source: WWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/DeviceSubscription/tmlms-appx://microsoft.windows.cloudexperien
Source: WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/NextGenCredentials/
Source: WWAHost.exe, 0000000D.00000002.2015226443.000002402D810000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2014411576.000002402D7B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/OtaDomainJoin/
Source: WWAHost.exe, 0000000D.00000002.2014411576.000002402D7B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/OtaDomainJoin/https://login.windows-ppe.net/WebApp/WindowsLogon
Source: WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/UnifiedEnrollment/
Source: WWAHost.exe, 0000000D.00000002.2024589629.000002403E170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/WebApp/WindowsLogon/
Source: WWAHost.exe, 0000000D.00000002.1999548030.000002402D096000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1490172665.000002402D106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local
Source: WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076884579.0000024040A33000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1635219498.000002403DC6C000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076288143.0000024040A00000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.00000240404B0000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069952912.00000240404AE000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2078009095.0000024040B1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msauth.net/
Source: WWAHost.exe, 0000000D.00000002.2059475704.000002403F7F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msauth.net/https://logincdn.msftauth.net/Windows.Storage.ApplicationData
Source: WWAHost.exe, 0000000D.00000002.2076884579.0000024040A33000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1975817843.0000024040AEC000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076288143.0000024040A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076884579.0000024040A33000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1635219498.000002403DC6C000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076288143.0000024040A00000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.00000240404B0000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069952912.00000240404AE000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2078009095.0000024040B1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/
Source: WWAHost.exe, 0000000D.00000002.2076288143.0000024040A1E000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2078009095.0000024040B1B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069041711.0000024040444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000.30405.9/agreements/privacy/en-gb/privacy.txt?x=16.000.30405.9
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2060487548.000002403F853000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000.30405.9/agreements/tou/en-oed/TOU.txt?x=16.000.30405.9
Source: WWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1982224079.00000238266C1000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css
Source: WWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css3
Source: WWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css3l
Source: WWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css8
Source: WWAHost.exe, 0000000D.00000003.1745438737.000002405843F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.csshttps://lgincdnvzeu
Source: WWAHost.exe, 0000000D.00000002.1998933578.000002402D049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.csstware
Source: WWAHost.exe, 0000000D.00000002.2060487548.000002403F853000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssx
Source: WWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssy
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2056378952.000002403F5CD000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2066762633.0000024040243000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2066373568.0000024040220000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2130067460.0000024055DF3000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1655092917.0000024040870000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076884579.0000024040AAB000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076288143.0000024040A00000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2057040675.000002403F5D5000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2000833331.000002402D139000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1997618060.00000240294CB000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1996889839.0000024029490000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1999362547.000002402D081000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1550101738.000002403F5CC000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1982224079.00000238266E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_xKLYpPR3cTz1G2q
Source: WWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2063597888.000002403FA5D000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2060487548.000002403F853000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1655092917.0000024040870000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2188106991.00000240579CE000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1550101738.000002403F5CC000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1982224079.00000238266E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/content/js/WinJS_vcvx4TydCFioSeM4NLxTDw2.js
Source: WWAHost.exe, 0000000D.00000002.2077572648.0000024040ACC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/16.000/content/js/WinJS_vcvx4TydCFioSeM4NLxTDw2.js2.css
Source: WWAHost.exe, 0000000D.00000003.1532794863.0000024040B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/
Source: WWAHost.exe, 0000000D.00000002.2094236482.0000024045121000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2136356977.0000024056020000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1771492777.0000024058438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1
Source: WWAHost.exe, 0000000D.00000002.1997618060.00000240294CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b3
Source: WWAHost.exe, 0000000D.00000002.1996889839.0000024029490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80
Source: WWAHost.exe, 0000000D.00000002.2094236482.0000024045121000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031
Source: WWAHost.exe, 0000000D.00000002.2108189703.0000024045780000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2094236482.0000024045121000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb
Source: WWAHost.exe, 0000000D.00000002.1996889839.0000024029490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/microsoft_logo_white_b71098d9cfa668f68191671
Source: WWAHost.exe, 0000000D.00000002.1996889839.0000024029490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/microsoft_logo_white_f024dc0422bf3c64a9cb960
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2160120603.0000024056980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2160120603.0000024056980000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1999362547.000002402D081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/picker_account_msa_7a63b3ce03943629f052226aa
Source: WWAHost.exe, 0000000D.00000002.2205816020.00000240586E6000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1997618060.00000240294CB000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1771492777.0000024058438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab
Source: WWAHost.exe, 0000000D.00000002.2056378952.000002403F5CD000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2066373568.0000024040220000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1655092917.0000024040870000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2078584237.0000024040B4A000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1550101738.000002403F5CC000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2078009095.0000024040B1B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069041711.0000024040444000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1982224079.00000238266E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.js
Source: WWAHost.exe, 0000000D.00000002.2060487548.000002403F853000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.js(
Source: WWAHost.exe, 0000000D.00000002.2078584237.0000024040B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.js8
Source: WWAHost.exe, 0000000D.00000002.2078584237.0000024040B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.jsh
Source: WWAHost.exe, 0000000D.00000002.2078584237.0000024040B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.jsx
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2086459255.0000024040FA0000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2188106991.00000240579CE000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2000833331.000002402D139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js3
Source: WWAHost.exe, 0000000D.00000002.1996889839.0000024029490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.jsIvD7nbPy0DBHw2.js-i
Source: WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.jss
Source: WWAHost.exe, 0000000D.00000002.2000833331.000002402D139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.visualstudio.com/OS/_workitems/edit/20742103
Source: WWAHost.exe, 0000000D.00000002.2000833331.000002402D139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.visualstudio.com/OS/_workitems/edit/20742115
Source: WWAHost.exe, 0000000D.00000003.1489281122.000002402D0C3000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2002316240.000002402D1B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.visualstudio.com/OS/_workitems?id=21748634&_a=edit
Source: WWAHost.exe, 0000000D.00000002.2000833331.000002402D139000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1974444710.000002402D297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.visualstudio.com/OS/_workitems?id=8705838&_a=edit)
Source: WWAHost.exe, 0000000D.00000002.2000669273.000002402D128000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1490172665.000002402D106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mysite.com/Apps/App1
Source: WWAHost.exe, 0000000D.00000002.2000669273.000002402D128000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1490172665.000002402D106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mysite.com/Apps/App2
Source: WWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oloobe.officeapps.live-int.com/
Source: WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2037367102.000002403EB50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oloobe.officeapps.live.com/
Source: WWAHost.exe, 0000000D.00000002.2037367102.000002403EB50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live-int.com/windows/
Source: WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/windows/
Source: WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://password.ccsctp.com/
Source: WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwordreset.activedirectory.windowsazure.cn/
Source: WWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwordreset.microsoftonline.com/
Source: WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdx.microsoft-int.com/
Source: WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdx.microsoft-ppe.com/
Source: WWAHost.exe, 0000000D.00000002.2023886655.000002403E130000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live-int.com/
Source: WWAHost.exe, 0000000D.00000002.2023886655.000002403E130000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/
Source: WWAHost.exe, 0000000D.00000002.2185852902.0000024057934000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup?platform=Windows10&id=80604&clientid=S-1-15-2-2226957697-3030467180-2
Source: WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tip.passwordreset.microsoftonline.com/
Source: WWAHost.exe, 0000000D.00000002.1982879120.00000238266E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/spartan/dhpP
Source: WWAHost.exe, 0000000D.00000002.1982879120.00000238266E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/spartan/mmx
Source: WWAHost.exe, 0000000D.00000002.1982879120.00000238266E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/spartan/ntp
Source: WWAHost.exe, 0000000D.00000002.1982879120.00000238266E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/spartan/ntpC:
Source: classification engineClassification label: clean2.winJPG@2/16@1/1
Source: C:\Windows\System32\WWAHost.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RLLV1W2J\microsoft.windows[1].xmlJump to behavior
Source: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe "C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe" -ServerName:App.AppX20qnn98vxw5bhxrjtb1f6rggecb2k15a.mca
Source: unknownProcess created: C:\Windows\System32\WWAHost.exe "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
Source: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WWAHost.exe; Process information set: NOOPENFILEERRORBOX
Source: WWAHost.exe, 0000000D.00000002.1981495973.0000023826673000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: NXT9-VMWare
Source: WWAHost.exe, 0000000D.00000003.1533171764.00000240404B0000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe; Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe; Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\WWAHost.exe; Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\WWAHost.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\WWAHost.exe; Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\WWAHost.exe; Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://sdx.microsoft-int.com/ | 0% | Avira URL Cloud | safe | |
| https://sdx.microsoft-ppe.com/ | 0% | Avira URL Cloud | safe | |
| https://signup.live-int.com/ | 0% | Avira URL Cloud | safe | |
| https://tip.passwordreset.microsoftonline.com/ | 0% | Avira URL Cloud | safe | |
| https://account.activedirectory.windowsazure.cn/ | 0% | Avira URL Cloud | safe | |
| https://microsoft.visualstudio.com/OS/_workitems/edit/20742115 | 0% | Avira URL Cloud | safe | |
| https://onedrive.live-int.com/windows/ | 0% | Avira URL Cloud | safe | |
| https://microsoft.visualstudio.com/OS/_workitems?id=21748634&_a=edit | 0% | Avira URL Cloud | safe | |
| https://buy.live-int.com/ | 0% | Avira URL Cloud | safe | |
| https://login.microsoftonline-ppe.com/WebApp/NextGenCredentials/ | 0% | Avira URL Cloud | safe | |
| https://account.activedirectory-ppe.windowsazure.com/ | 0% | Avira URL Cloud | safe | |
| https://account.live-int.com/ | 0% | Avira URL Cloud | safe | |
| https://oloobe.officeapps.live-int.com/ | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| sni1gl.wpc.alphacdn.net | 152.199.21.175 | true | false | | high |
| logincdn.msftauth.net | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://logincdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif | false | | high |
| https://logincdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js | false | | high |
| https://logincdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif | false | | high |
| https://logincdn.msftauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg | false | | high |
| https://logincdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg | false | | high |
| https://logincdn.msftauth.net/16.000/content/js/WinJS_vcvx4TydCFioSeM4NLxTDw2.js | false | | high |
| https://logincdn.msftauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_xKLYpPR3cTz1G2q-i7i0Kw2.js | false | | high |
| https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css | false | | high |
| https://logincdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://login.microsoftonline.com/ | WWAHost.exe, 0000000D.00000002.2037367102.000002403EB50000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://account.live.com/query.aspx?uaid=b62f4fbb6d6345d6b8e48b4581689b99&mkt=EN-GB&lc=2057&id=80604 | WWAHost.exe, 0000000D.00000003.1532794863.0000024040B69000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://requirejs.org/docs/errors.html# | WWAHost.exe, 0000000D.00000003.1490172665.000002402D112000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1999861145.000002402D0C4000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://tip.passwordreset.microsoftonline.com/ | WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://account.live.com/username/recover?id=80604&mkt=EN-GB&lc=2057&uaid=b62f4fbb6d6345d6b8e48b4581 | WWAHost.exe, 0000000D.00000002.2076288143.0000024040A1E000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2052563822.000002403F3D0000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2078009095.0000024040B1B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js | WWAHost.exe, 0000000D.00000002.2086459255.0000024040FA0000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://www.msn.com/spartan/ntp | WWAHost.exe, 0000000D.00000002.1982879120.00000238266E8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.json.org/json2.js | WWAHost.exe, 0000000D.00000002.1999861145.000002402D0C9000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://logincdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b3 | WWAHost.exe, 0000000D.00000002.1997618060.00000240294CB000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://www.msn.com/spartan/ntpC: | WWAHost.exe, 0000000D.00000002.1982879120.00000238266E8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://sdx.microsoft-int.com/ | WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmp | false |
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://login.microsoftonline.com/WebApp/WindowsLogon/WWAHost.exe, 0000000D.00000002.2024589629.000002403E170000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css3lWWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://login.windows-ppe.net/WebApp/AutoPilot/AWWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://mysite.com/Apps/App1WWAHost.exe, 0000000D.00000002.2000669273.000002402D128000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1490172665.000002402D106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://login.windows-ppe.net/WebApp/NextGenCredentials/WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    https://mysite.com/Apps/App2WWAHost.exe, 0000000D.00000002.2000669273.000002402D128000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1490172665.000002402D106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://logincdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.jssWWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://logincdn.msftauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1WWAHost.exe, 0000000D.00000002.2094236482.0000024045121000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2136356977.0000024056020000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1771492777.0000024058438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://sdx.microsoft-ppe.com/WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://signup.live-int.com/WWAHost.exe, 0000000D.00000002.2023886655.000002403E130000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://account.live.com/ChangePassword?uaid=b62f4fbb6d6345d6b8e48b4581689b9969adc3c768bd4dc08c19416WWAHost.exe, 0000000D.00000003.1543648028.000002403FA60000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2063597888.000002403FA5D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://microsoft.visualstudio.com/OS/_workitems/edit/20742115WWAHost.exe, 0000000D.00000002.2000833331.000002402D139000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://schemas.xmlsoap.org/wsdl/.dllWWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.00000240404B0000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069952912.00000240404AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://acctcdn.msftauth.net/WWAHost.exe, 0000000D.00000002.2076884579.0000024040A33000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1999548030.000002402D096000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076288143.0000024040A00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://login.windows-ppe.net/WebApp/OtaDomainJoin/WWAHost.exe, 0000000D.00000002.2015226443.000002402D810000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2014411576.000002402D7B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702WWAHost.exe, 0000000D.00000003.1974444710.000002402D2BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://login.microsoftonline.com/WebApp/CloudDomainJoin/WWAHost.exe, 0000000D.00000002.2023886655.000002403E130000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://login.microsoftonline.com/WebApp/UnifiedEnrollment/WWAHost.exe, 0000000D.00000002.2038749653.000002403EBD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://logincdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8abWWAHost.exe, 0000000D.00000002.2205816020.00000240586E6000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1997618060.00000240294CB000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1771492777.0000024058438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://account.activedirectory.windowsazure.cn/WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://buy.live.com/WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssyWWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://buy.live-int.com/WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://github.com/douglascrockford/JSON-jsWWAHost.exe, 0000000D.00000002.2127909312.0000024055CFD000.00000004.00000020.00020000.00000000.sdmp, Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2[1].js.13.drfalse
                                                                                high
                                                                                https://login.microsoftonline.com/WebApp/OtaDomainJoin/https://login.microsoftonline.com/WebApp/WindWWAHost.exe, 0000000D.00000002.2014411576.000002402D7B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://onedrive.live.com/windows/WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssxWWAHost.exe, 0000000D.00000002.2060487548.000002403F853000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://login.windows-ppe.net/WebApp/CloudDomainJoin/https://login.microsoftonline.com/WebApp/OtaDomWWAHost.exe, 0000000D.00000002.2015226443.000002402D810000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://passport.net/purposeWWAHost.exe, 0000000D.00000003.1489501355.000002402D230000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2012513223.000002402D710000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2002316240.000002402D1B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://logincdn.msftauth.net/16.000/content/js/WinJS_vcvx4TydCFioSeM4NLxTDw2.js2.cssWWAHost.exe, 0000000D.00000002.2077572648.0000024040ACC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://login.windows.net/WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.csstwareWWAHost.exe, 0000000D.00000002.1998933578.000002402D049000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.opensource.org/licenses/mit-license.php)WWAHost.exe, 0000000D.00000002.2127909312.0000024055CFD000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1999861145.000002402D0C9000.00000004.00000020.00020000.00000000.sdmp, Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2[1].js.13.drfalse
                                                                                                  high
                                                                                                  https://password.ccsctp.com/WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/wsdl/soap12/WWAHost.exe, 0000000D.00000002.2056378952.000002403F5B9000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.00000240404B0000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1550101738.000002403F5BC000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069952912.00000240404AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.csshttps://lgincdnvzeuWWAHost.exe, 0000000D.00000003.1745438737.000002405843F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://login.microsoftonline.de/WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://passwordreset.microsoftonline.com/WWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://schemas.xmlsoap.org/wsdl/WWAHost.exe, 0000000D.00000003.1533171764.00000240404B0000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069952912.00000240404AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://login.microsoftonline.com/WebApp/DeviceSubscription/WWAHost.exe, 0000000D.00000002.2069041711.0000024040444000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://login.partner.microsoftonline.cn/WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://login.live-int.com/WWAHost.exe, 0000000D.00000002.2015512711.000002402D830000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://logincdn.msftauth.net/16.000.30405.9/agreements/privacy/en-gb/privacy.txt?x=16.000.30405.9WWAHost.exe, 0000000D.00000002.2076288143.0000024040A1E000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2078009095.0000024040B1B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069041711.0000024040444000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://logincdn.msftauth.net/shared/1.0/content/images/picker_account_msa_7a63b3ce03943629f052226aaWWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2160120603.0000024056980000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.1999362547.000002402D081000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://onedrive.live-int.com/windows/WWAHost.exe, 0000000D.00000002.2037367102.000002403EB50000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://docs.oasis-open.org/ws-sx/ws-trust/2005125-21WWAHost.exe, 0000000D.00000002.2076288143.0000024040A00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://account.activedirectory.windowsazure.com/WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://login.microsoftonline.com/WebApp/DeviceDisplayName/WWAHost.exe, 0000000D.00000002.2014639499.000002402D7D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/ws/2004/09/policytoryWWAHost.exe, 0000000D.00000002.2027005517.000002403E26E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://logincdn.msftauth.net/shared/1.0/WWAHost.exe, 0000000D.00000003.1532794863.0000024040B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://login.microsoftonline.us/ostWWAHost.exe, 0000000D.00000002.1981792938.0000023826695000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.msn.com/spartan/mmxWWAHost.exe, 0000000D.00000002.1982879120.00000238266E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://account.activedirectory.windowsazure.us/WWAHost.exe, 0000000D.00000002.1981077297.0000023826641000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://logincdn.msftauth.net/shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.js8WWAHost.exe, 0000000D.00000002.2078584237.0000024040B4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://microsoft.visualstudio.com/OS/_workitems?id=21748634&_a=editWWAHost.exe, 0000000D.00000003.1489281122.000002402D0C3000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2002316240.000002402D1B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trustWWAHost.exe, 0000000D.00000002.2027005517.000002403E26E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css3WWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://acctcdn.msftauth.netWWAHost.exe, 0000000D.00000002.2078009095.0000024040B1B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://logincdn.msftauth.net/WWAHost.exe, 0000000D.00000002.2027929595.000002403E2C7000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076884579.0000024040A33000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1635219498.000002403DC6C000.00000004.00000800.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2076288143.0000024040A00000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.00000240404B0000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2069952912.00000240404AE000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000002.2078009095.0000024040B1B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://logincdn.msftauth.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css8WWAHost.exe, 0000000D.00000002.2069308477.000002404045B000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1533171764.000002404045A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://login.windows.localWWAHost.exe, 0000000D.00000002.1999548030.000002402D096000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000000D.00000003.1490172665.000002402D106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/07/securitypolicyWWAHost.exe, 0000000D.00000002.2076288143.0000024040A00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://logincdn.msftauth.net/shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.js(WWAHost.exe, 0000000D.00000002.2060487548.000002403F853000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://login.microsoftonline.com/WebApp/ConnectAADAccount/ion4.-3&WWAHost.exe, 0000000D.00000002.2023886655.000002403E130000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
152.199.21.175 | sni1gl.wpc.alphacdn.net | United States | 15133 | EDGECASTUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1566841
Start date and time: 2024-12-02 18:27:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 000001 (5).jpg
Detection: CLEAN
Classification: clean2.winJPG@2/16@1/1
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, Microsoft.Photos.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.190.177.82, 20.190.177.19, 20.190.147.1, 20.190.177.147, 20.190.147.9, 20.190.147.2, 20.190.177.146, 20.190.147.5, 52.168.117.170
• Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, slscr.update.microsoft.com, data-edge.smartscreen.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, lgincdnvzeuno.ec.azureedge.net, browser.events.data.trafficmanager.net, nav.smartscreen.microsoft.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, lgincdnvzeuno.azureedge.net, browser.events.data.microsoft.com, login.live.com, onedscolprdeus13.eastus.cloudapp.azure.com, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: 000001 (5).jpg
Time | Type | Description
12:28:09 | API Interceptor | 23x Sleep call for process: WWAHost.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                    No context
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1864
                                                                                                                                                                                    Entropy (8bit):5.222032823730197
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
                                                                                                                                                                                    MD5:BC3D32A696895F78C19DF6C717586A5D
                                                                                                                                                                                    SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                                                                                                                                                                    SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                                                                                                                                                                    SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (61112)
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):111517
                                                                                                                                                                                    Entropy (8bit):5.283488463851382
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:IpHDgan7CPw+kGDazA/PWrF7qvEAFiQcpmFKg0IJ0yVU/9:yIr2yVUF
                                                                                                                                                                                    MD5:986FB001D57EFBFB2AD645E6B3AEF948
                                                                                                                                                                                    SHA1:A1590F0BC684D395A6179FB915DEECA3A9321D89
                                                                                                                                                                                    SHA-256:DE304CB4D64E769DD16A7B4500603205D2606FE0877DD046460C7B8DF06A31B3
                                                                                                                                                                                    SHA-512:0C5599773904A45552E241E9E7723BD6CDC0A3B71A05145553942E27450E8E706C128C918FC6B5599F9BB55EEA1FA6B9801D78FD4D95292E24709CD90FB9A7CC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3651
                                                                                                                                                                                    Entropy (8bit):4.094801914706141
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
                                                                                                                                                                                    MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                                                                                                                                                                    SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                                                                                                                                                                    SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                                                                                                                                                                    SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (64616)
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):488937
                                                                                                                                                                                    Entropy (8bit):5.4510900848603665
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:ZhHgjUNdqa/iL1QLsxBSzJLUUirhl1kVR01Sxk1UuXXTI:ZhAR24uVLcm4k
                                                                                                                                                                                    MD5:B7273977EDD8908BC3EE76CFCB40C11F
                                                                                                                                                                                    SHA1:39A6DCE4076557A299A17EA14B7CE9C9C6D35EEA
                                                                                                                                                                                    SHA-256:7D0B46AE9F672462390C00EB25BBFB780B3991E6650D58C4BE803372050C9F4B
                                                                                                                                                                                    SHA-512:37721FE438B48C5FD5805F2F881C43D210E90A9EEFCD7342226345B548913CC8A12A97B55C1A02B1939C34BC0204FB374C64CC0707F15843B4340CF670125D8B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1592
                                                                                                                                                                                    Entropy (8bit):4.205005284721148
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:ztSAS1OtmCtc7aIVmt4yyR9S2lKUyDWwh:RoOtmCtc7aCmVQHSRh
                                                                                                                                                                                    MD5:4E48046CE74F4B89D45037C90576BFAC
                                                                                                                                                                                    SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                                                                                                                                                                    SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                                                                                                                                                                    SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (32359)
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):38737
                                                                                                                                                                                    Entropy (8bit):5.172420373193738
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:qsIjgDKmrFvv91/LBt0joigiNfmWKy+d/Png07NJSDRhAnFFgmhDgQny:q9mrlv91TBt0joigiNfmWKy+d/Png07U
                                                                                                                                                                                    MD5:C4A2D8A4F477713CF51B6ABE8BB8B42B
                                                                                                                                                                                    SHA1:82A09AF90939776FAB8AB2CF6ABDC793922A64F2
                                                                                                                                                                                    SHA-256:00F747E1C02B1B5FE4A3B149DD9E83E766AF2DCBA989B0E7D2CDD347E8541D6C
                                                                                                                                                                                    SHA-512:9ECE505FDD60E7499DFB0D526D3406F6EB89EB399EBD74EC85EF049B56C865D187AAB11D94987438D771E1A1EAB3A55AE378967DA209D36EC8C82E16ABC1E3D9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (32032), with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):168824
                                                                                                                                                                                    Entropy (8bit):5.403041370649555
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:22KXX5H23sda+tLIQP2aBHAHnAEA/9zL9zt6R2f2mfzN:22K9B5ns2/
                                                                                                                                                                                    MD5:BDCBF1E13C9D0858A849E33834BC530F
                                                                                                                                                                                    SHA1:5CFEBACFF659D5304E551EE5CB856557DA4209DD
                                                                                                                                                                                    SHA-256:3989FE38739BBA3E3DD9D60C4364D9DCCA55F44A1B1786DE77F97F17CA0EF21B
                                                                                                                                                                                    SHA-512:4EA4FE3058DBDCF3E4A876F30624CA9D7E3B98AE60A2DFD28892D0615674DFE95229AA65AD25DB2C0E2BAFF988EED7114128118156EE6AE1910B9E6C7CF6E513
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:/*! ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------....This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. ....WinJS....Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License.txt in the project root for license information.....Provided for Informational Purposes Only....MIT License ....Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Softw
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):49120
                                                                                                                                                                                    Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:Ztt:T
                                                                                                                                                                                    MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                    SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                    SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                    SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (61112)
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):111517
                                                                                                                                                                                    Entropy (8bit):5.283488463851382
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:IpHDgan7CPw+kGDazA/PWrF7qvEAFiQcpmFKg0IJ0yVU/9:yIr2yVUF
                                                                                                                                                                                    MD5:986FB001D57EFBFB2AD645E6B3AEF948
                                                                                                                                                                                    SHA1:A1590F0BC684D395A6179FB915DEECA3A9321D89
                                                                                                                                                                                    SHA-256:DE304CB4D64E769DD16A7B4500603205D2606FE0877DD046460C7B8DF06A31B3
                                                                                                                                                                                    SHA-512:0C5599773904A45552E241E9E7723BD6CDC0A3B71A05145553942E27450E8E706C128C918FC6B5599F9BB55EEA1FA6B9801D78FD4D95292E24709CD90FB9A7CC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. */./*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any perso
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:GIF image data, version 89a, 352 x 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3620
                                                                                                                                                                                    Entropy (8bit):6.867828878374734
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                                                                                                                                                                    MD5:B540A8E518037192E32C4FE58BF2DBAB
                                                                                                                                                                                    SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                                                                                                                                                                    SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                                                                                                                                                                    SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:GIF image data, version 89a, 352 x 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2672
                                                                                                                                                                                    Entropy (8bit):6.640973516071413
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                                                                                                                                                                    MD5:166DE53471265253AB3A456DEFE6DA23
                                                                                                                                                                                    SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                                                                                                                                                                    SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                                                                                                                                                                    SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):190152
                                                                                                                                                                                    Entropy (8bit):5.348678574819375
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:0+mTq9mTuZEOHEXp6WXWkYVlMBMwMlJNbdffVv6GhL+rUWxa:STekBWkYVdLlJNbr6m+rUGa
                                                                                                                                                                                    MD5:4877EFC88055D60953886EC55B04DE34
                                                                                                                                                                                    SHA1:2341B026A3E2A3B01AFA1A39D1706840D75E09B3
                                                                                                                                                                                    SHA-256:8405362EB8F09DF13AE244DE155B51B1577274673D9728B6C81CD0278A63C8B0
                                                                                                                                                                                    SHA-512:625844EDC37594D5C2F7622BD1B59278BF68ABB2FA22476C56826433C961C7B1924858A7588F8B6284D3C5AC8738ECB895EEC949DE18667A98C04A59CB03DAC0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                    Entropy (8bit):2.469670487371862
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:D90aKb:JFKb
                                                                                                                                                                                    MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
                                                                                                                                                                                    SHA1:35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
                                                                                                                                                                                    SHA-256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
                                                                                                                                                                                    SHA-512:6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<root></root>
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                    Entropy (8bit):2.469670487371862
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:D90aKb:JFKb
                                                                                                                                                                                    MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
                                                                                                                                                                                    SHA1:35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
                                                                                                                                                                                    SHA-256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
                                                                                                                                                                                    SHA-512:6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<root></root>
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                    Entropy (8bit):0.8083251803572817
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:x74WVKn6lDuUbwB7nigw/+wB7kLpOhnaHCZnWsR:dJs+87Y7kD
                                                                                                                                                                                    MD5:488B5EEC7186AB4F311ADF6D6A6F6351
                                                                                                                                                                                    SHA1:FEEFD119F0726D36A714CF59FE41E2A36692EAC7
                                                                                                                                                                                    SHA-256:3166FC22C1277651F68B7D272C3FA07E4BD15768BB5E259B107F05432629D795
                                                                                                                                                                                    SHA-512:7E80245E46A727B1E0387D39D0A7351780DEFEEE90D8AFC952A2A38AA6778CA428F21D1189893B4D7196EBCCFB91F7FFCDB0C5C1147CC5EDDCF95D409B9D4484
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                    Entropy (8bit):0.8478425417406572
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:J174WirG17n6lDuUbwB7nigw/+wB7kLpOhnaHCZnWsR:bJWUj+87Y7kD
                                                                                                                                                                                    MD5:9BD6518B073A5C1DE6E505DF7C644C3B
                                                                                                                                                                                    SHA1:E5FA9DE2A5CF8FDD88C25B9F16AD2A20F381C61F
                                                                                                                                                                                    SHA-256:E74A9F299A56434663695F49189A44A05152B50F50B61B77968FFD06EE260E03
                                                                                                                                                                                    SHA-512:A45492D981C4000E43456B56E03593A5A43C78574B0445300219503D8565642404AA42E8A537A8FC666D5EC6360A1527A5E02960CBDC85ADED775F785E5331D7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    File type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 100x100, components 1
                                                                                                                                                                                    Entropy (8bit):4.011801808000533
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • JFIF JPEG Bitmap (4007/3) 50.02%
                                                                                                                                                                                    • JPEG Bitmap (3003/1) 37.49%
                                                                                                                                                                                    • MP3 audio (1001/1) 12.50%
                                                                                                                                                                                    File name:000001 (5).jpg
                                                                                                                                                                                    File size:203 bytes
                                                                                                                                                                                    MD5:8379568464d8a4253eb8623701ad8c04
                                                                                                                                                                                    SHA1:6b457dadfcc171b39fcb2028b4e51aef8f61322f
                                                                                                                                                                                    SHA256:326390f2e71521df5d9f2e6f49dcb51ec0119faa146c48fe03a78c55f386913f
                                                                                                                                                                                    SHA512:21c3380f4c83c4b2a3222fdaf119d1fe93ad0802fc9882f6108c57063b39ef00736b532d467ca7fbf8a16457c7b721cae7e3e01a66e47924ca106998d0a55908
                                                                                                                                                                                    SSDEEP:3:nStkblB3mTxtB+WY8HGHQAM85ZJlWTqTtBhhk//skklAalf8:dbb36OW/mfM8plWTqRXhjkklq
                                                                                                                                                                                    TLSH:36D02B4B2E05BD04CD422F3445332D38134418131E21978903C17D1C3C4CDC000212D1
                                                                                                                                                                                    File Content Preview:......JFIF.....d.d.....C................................... $.' ",#..(7),01444.'9=82<.342......d.d.........................................................?............................................?..
                                                                                                                                                                                    Icon Hash:74f0f0e4c6d6e0e4
                                                                                                                                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                    Dec 2, 2024 18:28:20.475663900 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:20.475719929 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:20.475852966 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:20.477758884 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:20.477770090 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:20.479532003 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:20.479593039 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:20.479676008 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:20.481333971 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:20.481345892 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.347661018 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.347781897 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.348321915 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.348331928 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.348622084 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.348627090 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.349575996 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.349677086 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.349984884 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.349993944 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.350842953 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.350847006 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.880337000 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.880434990 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.881663084 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.881721020 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.930327892 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.930341005 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.930385113 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.930437088 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.930459023 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.930494070 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.930512905 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.932033062 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.932041883 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.932068110 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.932120085 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.932147026 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:22.932158947 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:22.932193041 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.126969099 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.126992941 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.127135038 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.127171040 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.127233028 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.131705999 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.131730080 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.131804943 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.131839037 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.131865025 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.131885052 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.154608965 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.154689074 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.154710054 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.154747009 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.154824018 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.154843092 CET44349713152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.154855013 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.154882908 CET49713443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.169648886 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.169677973 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.169740915 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.169754982 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.169800997 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.169816971 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.316570997 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.316603899 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.316754103 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.316775084 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.316843987 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.469880104 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.469906092 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.470042944 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.470079899 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.470151901 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.494879007 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.494901896 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.494993925 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.495007992 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.495052099 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.523742914 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.523766994 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.523848057 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.523860931 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.523905039 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.551789999 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.551819086 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.551929951 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.551943064 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.551987886 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.576441050 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.576462984 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.576571941 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.576611996 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.576663017 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.606637955 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.606663942 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.606760025 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.606774092 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.606847048 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.613847971 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.613943100 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.613945961 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.613992929 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.614052057 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.614075899 CET44349712152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.614093065 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.614120960 CET49712443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.682616949 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:23.682682037 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:23.682826042 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.083933115 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.083954096 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.083996058 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.090607882 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.090622902 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.090703964 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.090720892 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.090770960 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.097157001 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.097172976 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.097259998 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.097282887 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.097330093 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.105488062 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.105503082 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.105581045 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.105590105 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.105640888 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.110398054 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.110452890 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.110476971 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.110486984 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.110517025 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.110534906 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.110660076 CET49714443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.110677004 CET44349714152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.214473963 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.214530945 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:27.214646101 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.214915037 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:27.214935064 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.088098049 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.088200092 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.088768959 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.088783979 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.089015007 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.089024067 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.622518063 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.622625113 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.670159101 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.670167923 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.670221090 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.670248032 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.670264006 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.670289040 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.670312881 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.866050959 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.866074085 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.866190910 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.866226912 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.866307020 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.905976057 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.905996084 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.906071901 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:29.906085014 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:29.906130075 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.056180954 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.056200981 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.056369066 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.056404114 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.056485891 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.081343889 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.081366062 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.081497908 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.081507921 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.081577063 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.101913929 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.101933956 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.102077961 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.102087021 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.102165937 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.121499062 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.121515036 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.121661901 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.121673107 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.121751070 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.259999037 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.260023117 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.260091066 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.260119915 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.260170937 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.260190010 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.278580904 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.278599977 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.278672934 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.278698921 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.278747082 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.295773029 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.295790911 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.295875072 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.295886040 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.295955896 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.306823969 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.306843042 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.306904078 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.306914091 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.306969881 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.306993961 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.313683033 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.313733101 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.313752890 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.313774109 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.313810110 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.313955069 CET49716443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.313972950 CET44349716152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.655133009 CET49717443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.655172110 CET44349717152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.655289888 CET49717443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.655601978 CET49717443192.168.2.16152.199.21.175
                                                                                                                                                                                    Dec 2, 2024 18:28:30.655615091 CET44349717152.199.21.175192.168.2.16
                                                                                                                                                                                    Dec 2, 2024 18:28:30.658667088 CET49718443192.168.2.16152.199.21.175
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 2, 2024 18:28:14.466284990 CET | 64877 | 53 | 192.168.2.16 | 1.1.1.1
Dec 2, 2024 18:28:14.607167006 CET | 53 | 64877 | 1.1.1.1 | 192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 2, 2024 18:28:14.466284990 CET | 192.168.2.16 | 1.1.1.1 | 0x3b07 | Standard query (0) | logincdn.msftauth.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 2, 2024 18:28:14.607167006 CET | 1.1.1.1 | 192.168.2.16 | 0x3b07 | No error (0) | logincdn.msftauth.net | scdn38c07.wpc.9da5e.alphacdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 18:28:14.607167006 CET | 1.1.1.1 | 192.168.2.16 | 0x3b07 | No error (0) | scdn38c07.wpc.9da5e.alphacdn.net | sni1gl.wpc.alphacdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 18:28:14.607167006 CET | 1.1.1.1 | 192.168.2.16 | 0x3b07 | No error (0) | sni1gl.wpc.alphacdn.net | | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:28:17.571934938 CET | 1.1.1.1 | 192.168.2.16 | 0x5ccd | No error (0) | scdn38c07.wpc.9da5e.alphacdn.net | sni1gl.wpc.alphacdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 18:28:17.571934938 CET | 1.1.1.1 | 192.168.2.16 | 0x5ccd | No error (0) | sni1gl.wpc.alphacdn.net | | 152.199.21.175 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                    • https:
                                                                                                                                                                                      • logincdn.msftauth.net
                                                                                                                                                                                      • lgincdnvzeuno.azureedge.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49710 | 152.199.21.175 | 443 | 1228 | C:\Windows\System32\WWAHost.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:28:16 UTC | 563 | OUT | GET /16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: text/css,*/*;q=0.1
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
2024-12-02 17:28:16 UTC | 735 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21816159
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: oTDwl5648ok7TkQmOkDK+Q==
                                                                                                                                                                                    Content-Type: text/css
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:16 GMT
                                                                                                                                                                                    Etag: 0x8DC076C14BD9F4E
                                                                                                                                                                                    Last-Modified: Thu, 28 Dec 2023 06:13:16 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/790F)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 6c297c23-101e-0042-2474-7edf33000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 111517
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                                    1           192.168.2.16  49711        152.199.21.175  443               1228  C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                    2024-12-02 17:28:19 UTC  601  OUT  GET /16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css HTTP/1.1
                                                                                                                                                                                    Origin: https://login.live.com
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: text/css,*/*;q=0.1
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: lgincdnvzeuno.azureedge.net
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-02 17:28:19 UTC  735  IN  HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21816162
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: oTDwl5648ok7TkQmOkDK+Q==
                                                                                                                                                                                    Content-Type: text/css
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:19 GMT
                                                                                                                                                                                    Etag: 0x8DC076C14BD9F4E
                                                                                                                                                                                    Last-Modified: Thu, 28 Dec 2023 06:13:16 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/790F)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 6c297c23-101e-0042-2474-7edf33000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 111517
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                                    2           192.168.2.16  49712        152.199.21.175  443               1228  C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                    2024-12-02 17:28:22 UTC  547  OUT  GET /16.000/content/js/WinJS_vcvx4TydCFioSeM4NLxTDw2.js HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-02 17:28:22 UTC  751  IN  HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21901679
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: N6ECOzbHowbIbqNQercqow==
                                                                                                                                                                                    Content-Type: application/x-javascript
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:22 GMT
                                                                                                                                                                                    Etag: 0x8D8CC042BD42D69
                                                                                                                                                                                    Last-Modified: Mon, 08 Feb 2021 07:35:56 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/791E)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: fb6df648-501e-00aa-78ad-7d9255000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 168824
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49713 | 152.199.21.175 | 443 | 1228 | C:\Windows\System32\WWAHost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:28:22 UTC | 578 | OUT | GET /16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_xKLYpPR3cTz1G2q-i7i0Kw2.js HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
2024-12-02 17:28:22 UTC | 749 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 5269171
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: 9USKfQWs10rIR5+R4AXfvQ==
                                                                                                                                                                                    Content-Type: application/x-javascript
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:22 GMT
                                                                                                                                                                                    Etag: 0x8DCDE507199391D
                                                                                                                                                                                    Last-Modified: Thu, 26 Sep 2024 17:27:06 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/7941)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 206e44f8-a01e-008a-4af3-14919d000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 38737
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.16 | 49714 | 152.199.21.175 | 443 | 1228 | C:\Windows\System32\WWAHost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:28:25 UTC | 566 | OUT | GET /shared/1.0/content/js/Win10HostLogin_PCore_tyc5d-3YkIvD7nbPy0DBHw2.js HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
2024-12-02 17:28:26 UTC | 750 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 3884461
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: jlcvc5SxQb4S2Mvvx549rw==
                                                                                                                                                                                    Content-Type: application/x-javascript
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:25 GMT
                                                                                                                                                                                    Etag: 0x8DCE4DDE40D8EBD
                                                                                                                                                                                    Last-Modified: Sat, 05 Oct 2024 01:34:44 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/788C)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 43d4ae7e-301e-00a2-6f8b-216ed7000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 488937
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID   Source IP      Source Port   Destination IP   Destination Port   PID    Process
                                                                                                                                                                                    5            192.168.2.16   49716         152.199.21.175   443                1228   C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    Timestamp                 Bytes transferred   Direction   Data
                                                                                                                                                                                    2024-12-02 17:28:29 UTC   548                 OUT         GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-02 17:28:29 UTC   751                 IN          HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21901520
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: wegr9xrdYirQ87+FcvY0/A==
                                                                                                                                                                                    Content-Type: application/x-javascript
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:29 GMT
                                                                                                                                                                                    Etag: 0x8DB5D45FE75942A
                                                                                                                                                                                    Last-Modified: Thu, 25 May 2023 17:32:20 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/7931)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 5816919b-101e-00c6-50ae-7d246e000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 190152
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Data Ascii: ]="requeue",T[200]="sent",T[8004]="drop",T[8003]="drop",T),w={},P={};function A(e,t,n){w[e]=t,!1!==n&&(P[t]=e)}function k(e){try{return e.responseText}catch(e){}return""}function _(e,t){var n=!1;if(e&&t){var r=Object(s.E)(e);if(r&&r.length>0)for(var i=t.t


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.16 | 49718 | 152.199.21.175 | 443 | 1228 | C:\Windows\System32\WWAHost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:28:32 UTC | 618 | OUT | GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
2024-12-02 17:28:32 UTC | 738 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21901615
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: nzaLxFgP7ZB3dfMcaybWzw==
                                                                                                                                                                                    Content-Type: image/svg+xml
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:32 GMT
                                                                                                                                                                                    Etag: 0x8DB5C409E47C29A
                                                                                                                                                                                    Last-Modified: Wed, 24 May 2023 10:21:20 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/7892)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: d3d14c63-f01e-009c-04ad-7d4948000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 3651
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.16 | 49717 | 152.199.21.175 | 443 | 1228 | C:\Windows\System32\WWAHost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:28:32 UTC | 617 | OUT | GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
2024-12-02 17:28:33 UTC | 738 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21901591
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: DhdidjYrlCeaRJJRG/y9mA==
                                                                                                                                                                                    Content-Type: image/svg+xml
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:32 GMT
                                                                                                                                                                                    Etag: 0x8DB5C409B889493
                                                                                                                                                                                    Last-Modified: Wed, 24 May 2023 10:21:16 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/792B)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 5237cc59-d01e-00f6-0ead-7d057f000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 1864
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.16 | 49719 | 152.199.21.175 | 443 | 1228 | C:\Windows\System32\WWAHost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:28:34 UTC | 618 | OUT | GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
2024-12-02 17:28:35 UTC | 738 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21815572
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: R2FAVxfpONfnQAuxVxXbHg==
                                                                                                                                                                                    Content-Type: image/svg+xml
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:35 GMT
                                                                                                                                                                                    Etag: 0x8DB5C40A00B024F
                                                                                                                                                                                    Last-Modified: Wed, 24 May 2023 10:21:23 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/7928)
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 293c6246-901e-00ce-0976-7e7c7f000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 1592
                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.16 | 49720 | 152.199.21.175 | 443 | 1228 | C:\Windows\System32\WWAHost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:28:53 UTC | 623 | OUT | GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
2024-12-02 17:28:53 UTC | 716 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21901736
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: Fm3lNHEmUlOrOkVt7+baIw==
                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:53 GMT
                                                                                                                                                                                    Etag: 0x8DB5C409E1C7335
                                                                                                                                                                                    Last-Modified: Wed, 24 May 2023 10:21:20 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/7945)
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 07d9fca7-f01e-009c-63ad-7d4948000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 2672
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    10 | 192.168.2.16 | 49721 | 152.199.21.175 | 443 | 1228 | C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2024-12-02 17:28:53 UTC | 617 | OUT | GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1
                                                                                                                                                                                    Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518
                                                                                                                                                                                    Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                    Host: logincdn.msftauth.net
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-02 17:28:53 UTC | 716 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                    Age: 21901915
                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                    Content-MD5: tUCo5RgDcZLjLE/li/Lbqw==
                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                    Date: Mon, 02 Dec 2024 17:28:53 GMT
                                                                                                                                                                                    Etag: 0x8DB5C409E426C32
                                                                                                                                                                                    Last-Modified: Wed, 24 May 2023 10:21:20 GMT
                                                                                                                                                                                    Server: ECAcc (lhc/7941)
                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                    x-ms-request-id: 2d38f432-101e-002a-02ad-7dc500000000
                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                    Content-Length: 3620
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Target ID: 12
                                                                                                                                                                                    Start time: 12:28:05
                                                                                                                                                                                    Start date: 02/12/2024
                                                                                                                                                                                    Path: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe
                                                                                                                                                                                    Wow64 process (32bit): false
                                                                                                                                                                                    Commandline: "C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe" -ServerName:App.AppX20qnn98vxw5bhxrjtb1f6rggecb2k15a.mca
                                                                                                                                                                                    Imagebase: 0x7ff7f2d60000
                                                                                                                                                                                    File size: 585'528 bytes
                                                                                                                                                                                    MD5 hash: B5771BB2E606873149277940FFB4BCB5
                                                                                                                                                                                    Has elevated privileges: false
                                                                                                                                                                                    Has administrator privileges: false
                                                                                                                                                                                    Programmed in: C, C++ or other language
                                                                                                                                                                                    Reputation: low
                                                                                                                                                                                    Has exited: true

                                                                                                                                                                                    Target ID: 13
                                                                                                                                                                                    Start time: 12:28:09
                                                                                                                                                                                    Start date: 02/12/2024
                                                                                                                                                                                    Path: C:\Windows\System32\WWAHost.exe
                                                                                                                                                                                    Wow64 process (32bit): false
                                                                                                                                                                                    Commandline: "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
                                                                                                                                                                                    Imagebase: 0x7ff74db50000
                                                                                                                                                                                    File size: 995'672 bytes
                                                                                                                                                                                    MD5 hash: 69318AE264A1E45ED570CEDCDC4B7B69
                                                                                                                                                                                    Has elevated privileges: false
                                                                                                                                                                                    Has administrator privileges: false
                                                                                                                                                                                    Programmed in: C, C++ or other language
                                                                                                                                                                                    Reputation: low
                                                                                                                                                                                    Has exited: true

                                                                                                                                                                                    No disassembly