Windows Analysis Report
Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msg

Overview

General Information

Sample name: Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msg
Analysis ID: 1648087
MD5: e2f49818ed2f2d458047b0e22bebc41e
SHA1: 51c30b1899bf82d466302759da47561353ffa2c4
SHA256: 4cc4ac3aa3438f59cd172fba07180afdfdc99e00db0cba4fd9bf0978fbfd1f8c

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6760 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6364 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B60C4689-4EDB-43BC-A231-93B7FB63CDA0" "2DC3E853-5FF9-4945-83BA-EB9509D00DD6" "6760" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 6056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,12211014293199003279,244374649715306964,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6760, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email, Joe Sandbox AI: Page contains button: 'Review or Print' Source: 'Email'
Source: Email, Joe Sandbox AI: Email contains prominent button: 'review or print'
Source: Email, Joe Sandbox AI: Detected potential phishing email: The email claims to be from a Microsoft service but is sent from a dental company domain (dentalica.com). The subject line mentions an NDA document but the email contains no actual content about it, only a suspicious Microsoft login link. Multiple redirected links through antiphishing.vadesecure.com that ultimately lead to login.microsoftonline.com, a common phishing tactic
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1&sessionid=0022d229-8e5b-5cc0-f367-e3a0c3569465&sso_reload=trueHTTP Parser: Number of links: 0
Source: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https:%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465HTTP Parser: Base64 decoded: <body> <div align="center"> <img align="middle" class="logo" width="200" height="67" alt="VadeSecure logo" src="vadesecure-logo.png"/> </div> </body> </html>
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1&sessionid=0022d229-8e5b-5cc0-f367-e3a0c3569465&sso_reload=trueHTTP Parser: Title: Sign in to your account does not match URL
Source: Email, Classification: Credential Stealer
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1&sessionid=0022d229-8e5b-5cc0-f367-e3a0c3569465&sso_reload=trueHTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1&sessionid=0022d229-8e5b-5cc0-f367-e3a0c3569465&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1&sessionid=0022d229-8e5b-5cc0-f367-e3a0c3569465&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: chrome.exe, Memory has grown: Private usage: 0MB later: 38MB
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.67
Source: global trafficHTTP traffic detected: GET /v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465 HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /styles.16be3c9519762a3240e8.css HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /runtime.3847a57210e62cb7ac86.js HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /polyfills.2daf523d1a5fc162c0c2.js HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /main.3791483c41ff7549eac3.js HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /app/config/config.json HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-type: */*sec-ch-ua-mobile: ?0Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /4.efcb4f36899adf4857d1.js HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /translations/en.json HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-type: */*sec-ch-ua-mobile: ?0Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https:%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/load.svg HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https:%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/logo-cloud.png HTTP/1.1Host: antiphishing.vadesecure.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https:%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /app/config/config.json HTTP/1.1 Host: antiphishing.vadesecure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/load.svg HTTP/1.1 Host: antiphishing.vadesecure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /analyse HTTP/1.1 Host: antiphishing.vadesecure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /translations/en.json HTTP/1.1 Host: antiphishing.vadesecure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/logo-cloud.png HTTP/1.1 Host: antiphishing.vadesecure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: antiphishing.vadesecure.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/plain; charset=utf-8 vary: Origin x-content-type-options: nosniff date: Tue, 25 Mar 2025 13:38:31 GMT content-length: 19 connection: close
Source: classification engine Classification label: mal48.winMSG@24/28@12/77
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250325T0938180551-6760.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B60C4689-4EDB-43BC-A231-93B7FB63CDA0" "2DC3E853-5FF9-4945-83BA-EB9509D00DD6" "6760" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,12211014293199003279,244374649715306964,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://antiphishing.vadesecure.com/styles.16be3c9519762a3240e8.css | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/images/load.svg | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/4.efcb4f36899adf4857d1.js | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/runtime.3847a57210e62cb7ac86.js | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/polyfills.2daf523d1a5fc162c0c2.js | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/translations/en.json | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/app/config/config.json | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/main.3791483c41ff7549eac3.js | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/analyse | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/images/logo-cloud.png | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/redirect | 0% | Avira URL Cloud | safe
https://antiphishing.vadesecure.com/vadesecure-logo.png | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | | high
s-part-0010.t-0009.t-msedge.net | 13.107.246.38 | true | false | | high
antiphishing.vadesecure.com | 163.172.240.109 | true | false | | high
e329293.dscd.akamaiedge.net | 23.209.72.31 | true | false | | high
www.google.com | 142.251.40.196 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | | high
www.tm.a.prd.aadg.trafficmanager.net | 20.190.152.19 | true | false | | high
aadcdn.msftauth.net | unknown | unknown | false | | high
login.microsoftonline.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://antiphishing.vadesecure.com/styles.16be3c9519762a3240e8.css | false | Avira URL Cloud: safe | unknown
https://antiphishing.vadesecure.com/polyfills.2daf523d1a5fc162c0c2.js | false | Avira URL Cloud: safe | unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js | false | | high
https://antiphishing.vadesecure.com/runtime.3847a57210e62cb7ac86.js | false | Avira URL Cloud: safe | unknown
https://antiphishing.vadesecure.com/app/config/config.json | false | Avira URL Cloud: safe | unknown
https://antiphishing.vadesecure.com/images/load.svg | false | Avira URL Cloud: safe | unknown
https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US | false | | high
https://antiphishing.vadesecure.com/4.efcb4f36899adf4857d1.js | false | Avira URL Cloud: safe | unknown
https://antiphishing.vadesecure.com/translations/en.json | false | Avira URL Cloud: safe | unknown
https://login.microsoftonline.com/favicon.ico | false | | high
https://antiphishing.vadesecure.com/main.3791483c41ff7549eac3.js | false | Avira URL Cloud: safe | unknown
https://antiphishing.vadesecure.com/analyse | false | Avira URL Cloud: safe | unknown
https://antiphishing.vadesecure.com/images/logo-cloud.png | false | Avira URL Cloud: safe | unknown
https://antiphishing.vadesecure.com/redirect | false | Avira URL Cloud: safe | unknown
https://antiphishing.vadesecure.com/vadesecure-logo.png | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
163.172.240.109 | antiphishing.vadesecure.com | United Kingdom | 12876 | OnlineSASFR | false
142.250.176.202 | unknown | United States | 15169 | GOOGLEUS | false
40.126.24.149 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.253.63.84 | unknown | United States | 15169 | GOOGLEUS | false
52.111.251.19 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.123.129.14 | s-0005.dual-s-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.168.117.170 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.64.110 | unknown | United States | 15169 | GOOGLEUS | false
20.42.65.85 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
20.189.173.12 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.251.40.195 | unknown | United States | 15169 | GOOGLEUS | false
142.251.40.196 | www.google.com | United States | 15169 | GOOGLEUS | false
142.251.40.174 | unknown | United States | 15169 | GOOGLEUS | false
13.107.246.38 | s-part-0010.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.209.72.31 | e329293.dscd.akamaiedge.net | United States | 20940 | AKAMAI-ASN1EU | false
40.126.28.21 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
40.126.35.150 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
20.190.152.19 | www.tm.a.prd.aadg.trafficmanager.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false

IP
192.168.2.18
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1648087
Start date and time: 2025-03-25 14:37:42 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msg
Detection: MAL
Classification: mal48.winMSG@24/28@12/77
Cookbook Comments:
• Found application associated with file extension: .msg
• Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.31.69.3
• Excluded domains from analysis (whitelisted): fs.microsoft.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://antiphishing.vadesecure.com/4.efcb4f36899adf4857d1.js
• VT rate limit hit for: https://antiphishing.vadesecure.com/app/config/config.json
• VT rate limit hit for: https://antiphishing.vadesecure.com/images/load.svg
• VT rate limit hit for: https://antiphishing.vadesecure.com/polyfills.2daf523d1a5fc162c0c2.js
• VT rate limit hit for: https://antiphishing.vadesecure.com/runtime.3847a57210e62cb7ac86.js
• VT rate limit hit for: https://antiphishing.vadesecure.com/styles.16be3c9519762a3240e8.css
• VT rate limit hit for: https://antiphishing.vadesecure.com/translations/en.json

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: JSON data
Category: dropped
Size (bytes): 72
Entropy (8bit): 4.241202481433726
Encrypted: false
SSDEEP:
MD5: 9E576E34B18E986347909C29AE6A82C6
SHA1: 532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256: 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512: 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious: false
Reputation: unknown
Preview: {"Message":"The requested resource does not support http method 'GET'."}

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (46812)
Category: downloaded
Size (bytes): 142588
Entropy (8bit): 5.430325360831281
Encrypted: false
SSDEEP:
MD5: F7CD746319AB2EA391D6B4386A7C8D32
SHA1: 4ADFCD23EE4D2E2C50937B5E8DAA50762E1DE018
SHA-256: 3136538617D98C749991F5DCAD819761C127C419D62F85DBAAE00F7B1DC1E997
SHA-512: B583BD2DBA637A7BD9885A8ED15ED627861A8B057BFA0816B2FD9795097003A9B7DA56C6F3C043F85804B7273E93CEAA6413BE1D29A15DEF94EDC216FB496740
Malicious: false
Reputation: unknown
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424
Category: downloaded
Size (bytes): 20410
Entropy (8bit): 7.980582012022051
Encrypted: false
SSDEEP:
MD5: 3BA4D76A17ADD0A6C34EE696F28C8541
SHA1: 5E8A4B8334539A7EAB798A7799F6E232016CB263
SHA-256: 17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
SHA-512: 8DA16A9759BB68A6B408F9F274B882ABB3EE7BA19F888448E495B721094BDB2CE5664E9A26BAE306A00491235EB94C143E53F618CCD6D50307C3C7F2EF1B4455
Malicious: false
Reputation: unknown
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 352 x 3
                            Category:downloaded
                            Size (bytes):2672
                            Entropy (8bit):6.640973516071413
                            Encrypted:false
                            SSDEEP:
                            MD5:166DE53471265253AB3A456DEFE6DA23
                            SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                            SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                            SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                            Category:dropped
                            Size (bytes):673
                            Entropy (8bit):7.6596900876595075
                            Encrypted:false
                            SSDEEP:
                            MD5:0E176276362B94279A4492511BFCBD98
                            SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                            SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                            SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 352 x 3
                            Category:downloaded
                            Size (bytes):3620
                            Entropy (8bit):6.867828878374734
                            Encrypted:false
                            SSDEEP:
                            MD5:B540A8E518037192E32C4FE58BF2DBAB
                            SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                            SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                            SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                            Category:dropped
                            Size (bytes):17174
                            Entropy (8bit):2.9129715116732746
                            Encrypted:false
                            SSDEEP:
                            MD5:12E3DAC858061D088023B2BD48E2FA96
                            SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                            SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                            SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (2232), with no line terminators
                            Category:downloaded
                            Size (bytes):2232
                            Entropy (8bit):5.19933353228959
                            Encrypted:false
                            SSDEEP:
                            MD5:6C82B9591D45C74072ED9C23CC8F156B
                            SHA1:FA77C8816341AF1AA93A73F40ACECF7804CADE1F
                            SHA-256:6D1F78FE92F945BE2C15153CD0CE0BA1321E48FAF8931DA6912E47DAADE82C0E
                            SHA-512:D86018703155C2008B22C7785EAC1CF128B961C5AEBAF86F29603F796323AA1AFCF6E1D4179B669C88BB84219F8182F3A82DE19A9664ED2D20FE92B281F17F01
                            Malicious:false
                            Reputation:unknown
                            URL:https://antiphishing.vadesecure.com/runtime.3847a57210e62cb7ac86.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):19
                            Entropy (8bit):3.6818808028034042
                            Encrypted:false
                            SSDEEP:
                            MD5:595E88012A6521AAE3E12CBEBE76EB9E
                            SHA1:DA3968197E7BF67AA45A77515B52BA2710C5FC34
                            SHA-256:B16E15764B8BC06C5C3F9F19BC8B99FA48E7894AA5A6CCDAD65DA49BBF564793
                            SHA-512:FD13C580D15CC5E8B87D97EAD633209930E00E85C113C776088E246B47F140EFE99BDF6AB02070677445DB65410F7E62EC23C71182F9F78E9D0E1B9F7FDA0DC3
                            Malicious:false
                            Reputation:unknown
                            Preview:404 page not found.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152
                            Category:downloaded
                            Size (bytes):61052
                            Entropy (8bit):7.996159932827634
                            Encrypted:true
                            SSDEEP:
                            MD5:C1E82BF71ADD622AD0F3BF8572F634FC
                            SHA1:6CA863D4CAB96669202548D301693B3F5F80B0D5
                            SHA-256:BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
                            SHA-512:820A7F8A0C8EA33A8FE1E90CDC35F45DC1E143E836B0D8EA047E1E312F8CAEC72CDEE4E7DB54760A4D749CD0ACFE103A27E39A9A56EB2D704E448A67B0D0C079
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 58645
                            Category:downloaded
                            Size (bytes):16623
                            Entropy (8bit):7.984765044329533
                            Encrypted:false
                            SSDEEP:
                            MD5:DC93BC2D0119FD30D10211C016090721
                            SHA1:4C41C88E6C7EA89EA2A97B9E00C8E7DED7688F3F
                            SHA-256:21B0FF92F3FB154A001DEC6CA953D60A567C3A819D11620E4F57B5B1A49C490F
                            SHA-512:012B1025BE14C7CCB1EB67321A0098E95D06861F32165D2B5E45D660312E11B36648B3E00A7F21744C74BC13F84BA0B5DD27960AB6386FFAEA17A5EFE3A21D7D
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:SVG Scalable Vector Graphics image
                            Category:dropped
                            Size (bytes):5316
                            Entropy (8bit):5.11748772056844
                            Encrypted:false
                            SSDEEP:
                            MD5:776B2BD1CD566295034971A14FE80D20
                            SHA1:247BF3960EF481D0BD127CCFA962CEFC680B9D50
                            SHA-256:08D7C39E3772D4A8FAA3238C7E03DDC11CE28E469F815911C153178FB4BD9E04
                            SHA-512:CCDC9ABFB18B6B0080C530C3B03A90E8C7901E38FACDD6F3A0BC747A95D3254F822A3861AFF88E135B11C1EA5B4AF1EF81C49670F5C01DE794A5566B6DB6C4D1
                            Malicious:false
                            Reputation:unknown
                            Preview:<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 25.4.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Calque_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 417.6 258.9" style="enable-background:new 0 0 417.6 258.9;" xml:space="preserve">.<style type="text/css">...st0{fill:#FFFFFF;stroke:#3D505B;stroke-miterlimit:10;}...st1{opacity:0.38;fill:#C3D2D8;enable-background:new ;}...st2{fill:#C3D2D8;stroke:#3D505B;stroke-miterlimit:10;}...st3{fill:none;stroke:#3D505B;stroke-miterlimit:10;}...st4{fill:#6A00F4;stroke:#5500C3;stroke-miterlimit:10;}...st5{fill:#A549FF;stroke:#5500C3;stroke-miterlimit:10;}...st6{fill:#6A00F4;stroke:#5500C3;stroke-width:1;stroke-miterlimit:9.9996;}...st7{fill:#FFFFFF;}.</style>.<g id="layer_1">..<rect id="Paper" x="125.1" y="63.2" class="st0" width="165.6" height="195.2"/>..<circle class="st1" cx="137.4" cy="73.4" r="2.8"/>..<circle class="st1"
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (32915), with no line terminators
                            Category:downloaded
                            Size (bytes):32915
                            Entropy (8bit):5.248079629087054
                            Encrypted:false
                            SSDEEP:
                            MD5:B9C918128D594300A4E0240611439A74
                            SHA1:08DA04E6068B3FEF9B70B7E689B05F1A1FDCE411
                            SHA-256:8F22F067C478666AF71F92EBE9991946DA07D6C8F2C343BB6129D97D27F66737
                            SHA-512:21E7DAAE87EA158225BE4D934CDA1C040BEEDD64AF9D41B41EBBDCC0A3BE46AF545D22DC9D57375818C1A3F35EFD87B799418EDD36C87AAC71635574105F3687
                            Malicious:false
                            Reputation:unknown
                            URL:https://antiphishing.vadesecure.com/4.efcb4f36899adf4857d1.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                            Category:dropped
                            Size (bytes):1435
                            Entropy (8bit):7.8613342322590265
                            Encrypted:false
                            SSDEEP:
                            MD5:9F368BC4580FED907775F31C6B26D6CF
                            SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                            SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                            SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 455667
                            Category:downloaded
                            Size (bytes):122924
                            Entropy (8bit):7.9974224995855785
                            Encrypted:true
                            SSDEEP:
                            MD5:33E13AB2DB6540C3B64C119CE450CFA8
                            SHA1:2608E73884B3F039987C3BB31C4ACB31BD48A5F4
                            SHA-256:06BBD11635362530528A350A84DEA1F961D261BE142B79C56478C703F02334C2
                            SHA-512:8A3607B7FB58A2510ADDB86FC6C4353CF2D41371DF35A3C42A49BA38FAD9A9B4BA6E74B38180FCA09FE406BD60AF43ACE06457D27C94DE670C0A60B41227BB5A
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (65536), with no line terminators
                            Category:downloaded
                            Size (bytes):559431
                            Entropy (8bit):5.234425173350185
                            Encrypted:false
                            SSDEEP:
                            MD5:AC8EDEC8F1D8160FF62ACA4822330255
                            SHA1:C7882AE94C0850C9FB0108002FE4C71001B51D08
                            SHA-256:89F871A93A4F7BF7DB98650303C08884AA602133455AC7B2E1EE199C4617C168
                            SHA-512:EB7AFA78A25E98777355CC75BF1BE7A97DABAF0141EC5C813A4B952599E4F13E01A99FAABD5867478DC25D1A17E0A0EDE5B63BD2BA70C6371A0F7FABF629D333
                            Malicious:false
                            Reputation:unknown
                            URL:https://antiphishing.vadesecure.com/main.3791483c41ff7549eac3.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (3445), with CRLF line terminators
                            Category:downloaded
                            Size (bytes):3447
                            Entropy (8bit):5.1147634913081745
                            Encrypted:false
                            SSDEEP:
                            MD5:ACDEC8DAD3164FBA20E86D50F1B979F1
                            SHA1:0C5FD1CCA5BECDB0080D20E6A90CCD91BC0D5894
                            SHA-256:1D2CDE2E778A731CBD158758F735E1BCC2508A8252720D261D94068AFF45AACC
                            SHA-512:A9D25D79EDF7BD8D668D5833263461B72B077AD3885A05DE749C7F0326BFC7C8D5D2D967E11FF40E52755211774DEC0E913532BC86AEEEC37B243A213CECEEC1
                            Malicious:false
                            Reputation:unknown
                            URL:https://login.live.com/Me.htm?v=3
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755
                            Category:downloaded
                            Size (bytes):5529
                            Entropy (8bit):7.963357626093036
                            Encrypted:false
                            SSDEEP:
                            MD5:2897F2B9FBDFCA48FD9E7C3EBACD4825
                            SHA1:1AC29A73147FAB24EECEDE0BBF4ABAC2B09B4FDA
                            SHA-256:34AC02CED788528E58CD6EBB75EDF624F4061D4839369AF860A36AC0BFC3C830
                            SHA-512:508CE7E7E1D3AE2101737E8D26A1257D516F8644ADC3AB5BE2A6B86C0B21CCFC32C1030B2014BE1280B9AF29AEB78A005D2242A2D12C68D2C3733941BCF64A42
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 300 x 120, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):8965
                            Entropy (8bit):7.9585820102925116
                            Encrypted:false
                            SSDEEP:
                            MD5:14C9FB3C6A688289A128DBE23EAA8375
                            SHA1:47208516DB1D05F93EEE566CDEE9DDC8721A2DB2
                            SHA-256:994CA4F9D6A564EC2341F1B82060776EF01BAECC38C1FDFE0540E5F1583166BB
                            SHA-512:01D1FEA80F6BFF18800421D4A07B30C9A95DADDF5883A0DF3D45E55EEA5630BC4AC4AC424FC31B29628617F20CFF46998421DC38CC88CB6C63837856A525A265
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
                            Category:downloaded
                            Size (bytes):35169
                            Entropy (8bit):7.993210932978764
                            Encrypted:true
                            SSDEEP:
                            MD5:57EADECAC2A031883A702F6B12A14502
                            SHA1:3C1E4F5ABE11775DD678085EAC97029DF618A9F7
                            SHA-256:C76276A58DFB0E4D68D277526E5F05EE357E13957B4C91BE2C74BE7CD20B065E
                            SHA-512:D98AC263512C6CDB0A522C8B550F4CA8B901F620A1ED416C49163B28E0D5D08EA9605BF681F9F0C5567EB244BBD319D6596C6B46E860F48AD5CE31154DD2CA5A
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (2606)
                            Category:downloaded
                            Size (bytes):3364
                            Entropy (8bit):6.085928092268289
                            Encrypted:false
                            SSDEEP:
                            MD5:FC99EE6AA402967DCD16593579695DD8
                            SHA1:FFB1F5DC57D0F10552788C0EFDD812DFB70BBBC2
                            SHA-256:77EE205EC294716C608D4F43DCCA6A4D75F4EA43B289F0E2A881B07ACF5B95B2
                            SHA-512:BED36DCAA63DDE17E7FB694AF65820DA52CF51D74FA711EC8011D4A60504A212B876E47A3BA2D6BD0E5AF337B6C7D71B3A0F5779CEA4554EA706BA5FAC27F30A
                            Malicious:false
                            Reputation:unknown
                            URL:https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465
                            Preview:<!doctype html>.<html lang="en" data-logo="images/logo-cloud.png">.<head>. <title id="text-title">Anti-phishing analysis</title>. <base href="https://antiphishing.vadesecure.com/">. <meta charset="UTF-8">. <meta name="vsc-antiphishing" content="1.0">. <meta name="viewport" content="width=device-width, initial-scale=1">. <link rel="icon" href="./favicon.ico" />.<link rel="stylesheet" href="styles.16be3c9519762a3240e8.css"></head>.<body data-users="{&#34;context&#34;:{&#34;emailFrom&#34;:&#34;Francesca.Palasciano@dentalica.com&#34;,&#34;emailTo&#34;:&#34;jean-christophe.bescond@chantiers-atlantique.com&#34;,&#34;login&#34;:&#34;VRC198148&#34;,&#34;time&#34;:&#34;&#34;,&#34;action&#34;:&#34;&#34;,&#34;IIP&#34;:{&#34;url&#34;:&#34;https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (65536), with no line terminators
                            Category:downloaded
                            Size (bytes):94555
                            Entropy (8bit):5.06394242860707
                            Encrypted:false
                            SSDEEP:
                            MD5:940FEFF436A6FB6FBA25E2FA78B88F49
                            SHA1:B57396B0C9A0611707F0A2FE6D250EDEFA3B2281
                            SHA-256:7AE3FE5A3005E6A4A45748A9025190DEB3DAD53F2E345261500EE5D8256D79F3
                            SHA-512:B6BFDD010F9A82AAD2EBEBE9BDD55EA9CF7F7328C5261B8A0A6B2585322174C23F3274FBFDAB639D89BEB6CC1DE9F941AD1F8468E59D03B968818BB23BA9CC9E
                            Malicious:false
                            Reputation:unknown
                            URL:https://antiphishing.vadesecure.com/styles.16be3c9519762a3240e8.css
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (65536), with no line terminators
                            Category:downloaded
                            Size (bytes):106404
                            Entropy (8bit):5.3639815962876245
                            Encrypted:false
                            SSDEEP:
                            MD5:920DBA2A9D981A1FB6B23EEB3808E063
                            SHA1:9F6B8B0E38CD21ED64BA6EFC98DB8DD2755D220C
                            SHA-256:7750ADF4099B74C0BEC40860C75B3EBC889724558944BC1C03EE0C91F0605D8C
                            SHA-512:F7D7F67D7DE7497C64B224B7ED653A97794C0E8F5B65E3A0853B423FE5B9C4E40F875837FF2E0380FE2B92C4FD60E5A93588F09386AE5000D1325FEFC94B837C
                            Malicious:false
                            Reputation:unknown
                            URL:https://antiphishing.vadesecure.com/polyfills.2daf523d1a5fc162c0c2.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:JSON data
                            Category:downloaded
                            Size (bytes):50
                            Entropy (8bit):4.21287868934203
                            Encrypted:false
                            SSDEEP:
                            MD5:48CEF5284EEBCF3B1380D6710357990C
                            SHA1:B381F3445730FEFD66485A85E761CF6323D59AD9
                            SHA-256:CDFC8444656AA534028FB59331119A15CE73E5129435B877ED8AA11A65C91FA7
                            SHA-512:419F94B95EE23EE0AD5DEB4C1580C6A0C3E39C04D81E21DD9BCB6BC68823788F6A5D80B4BBB8ECBB52349010418D1F5910791C6C091299BD6D8432782DA224DA
                            Malicious:false
                            Reputation:unknown
                            URL:https://antiphishing.vadesecure.com/app/config/config.json
                            Preview:{. "serviceUrl": "http://localhost:4220".}.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):2444
                            Entropy (8bit):4.6547645458915685
                            Encrypted:false
                            SSDEEP:
                            MD5:C7A394F950B4464C3333972349CBEA1E
                            SHA1:38149F545C42265641AF887951C02AC98C2BBDA6
                            SHA-256:7E77BE3B81880130E86E5025825504F4AC6608C3BCB9EDCB92342ED01BDA52E9
                            SHA-512:29493B2A3CB0D787841A3FFFE46E068F57F80766951452EDD61398096FED52606C1981456AFE4D1EB480AED5F9A55C9E7AA3FB571987B30BC7C5380121C4337D
                            Malicious:false
                            Reputation:unknown
                            Preview:{. "CANT_FIND_WAY_BACK": "Can't find your way back?",. "clean": "The site is clean.",. "cleanRedirect": "You will be redirected.",. "exitPage": "Leave the page",. "followTheTrainingClass": "Stop falling for phishing",. "goAnyway": "Proceed to the page anyway",. "goWebSite": "Proceed to web page with caution",. "ifYouBelieveThisWebsiteIsLegitimate": "If you believe this website is legitimate, please proceed to web page with caution.",. "internalError": "Internal error, retry later.",. "letsTakeThePhishingClass": "Train yourself",. "PAGE_NOT_FOUND": "Page not found",. "phishing": "The web page has been identified as PHISHING.",. "phishingContent": "Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons. We advise you do not visit the page.",. "running": "Security analysis in progress.",. "suspicious": "Warning: suspiscious li
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
                            Category:downloaded
                            Size (bytes):116362
                            Entropy (8bit):7.997473195483862
                            Encrypted:true
                            SSDEEP:
                            MD5:81C7B985343C317ADEEA2C28F5C6FF4D
                            SHA1:7A04D6215D0B79EEDE6823C4B3621795AD552534
                            SHA-256:6BDBA6F0D2271DD20E6E6AEA2B459A1A23050EDE1B3BBADE4C913A1716F6E491
                            SHA-512:DDF40137ED7F870C5E7475685BA9006F9C99C7C0632A9E7738DCF9BD081C105ABA5B94B3302BBD26DFF413DC065FC442D3CDDA33684709D6185B409F08158085
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):100
                            Entropy (8bit):5.340078225325278
                            Encrypted:false
                            SSDEEP:
                            MD5:4EB1BF41AB29B49E051D1BE8CB217DE7
                            SHA1:777EE04B5498060CA06C2290AEE1CD152AAD3AD1
                            SHA-256:D67D42DA1BE5B25B5938EF3CA1681D49B1181F3CCA7CBD207D51DAB056E2E272
                            SHA-512:246D15CDF03ED0F86C758671C6C81682616A89F5A419FD6D46F3972C4D142B915F65F2EC827255406049D96E0C839C6DA027A03FB436A354F01B931F8796234D
                            Malicious:false
                            Reputation:unknown
                            URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCYICaXLWAdtdEgUN0VtRUhIFDVd69_0hEB211q5PHpg=?alt=proto
                            Preview:CkgKDQ3RW1FSGgQIVhgCIAEKNw1Xevf9GgQISxgCKioIClImChxAISMuKiQtXyslJj8vXj0pKCw6O348JyJcXT5bEAEY/////w8=
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                            Category:dropped
                            Size (bytes):621
                            Entropy (8bit):7.673946009263606
                            Encrypted:false
                            SSDEEP:
                            MD5:4761405717E938D7E7400BB15715DB1E
                            SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                            SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                            SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                            Malicious:false
                            Reputation:unknown
                            File type:CDFV2 Microsoft Outlook Message
                            Entropy (8bit):6.762194169877044
                            TrID:
                            • Outlook Message (71009/1) 58.92%
                            • Outlook Form Template (41509/1) 34.44%
                            • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                            File name:Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msg
                            File size:151'040 bytes
                            MD5:e2f49818ed2f2d458047b0e22bebc41e
                            SHA1:51c30b1899bf82d466302759da47561353ffa2c4
                            SHA256:4cc4ac3aa3438f59cd172fba07180afdfdc99e00db0cba4fd9bf0978fbfd1f8c
                            SHA512:127ebf197d2815f173810c24c7553b7e9bf052033cd0c1609edbbd7caf1f57129661a69a0d30722154be525233edb6907c51523a26b4c95b3d0c45e21da8f4a2
                            SSDEEP:3072:b0VpGThwpxZZFvaqUERPBLwx9T6GibV0+MAMjtbuVC:Q3Zu2INipMAItby
                            TLSH:9EE36C253AF94B05F27FEF3159E5A18349277DC2ED20938F3895370D1871A81E8A5B2B
                            Subject:Review requested on "PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF"
                            From:Francesca Palasciano <Francesca.Palasciano@dentalica.com>
                            To:"OneDrive@infomail.microsoft.com" <OneDrive@infomail.microsoft.com>
                            Cc:
                            BCC:
                            Date:Tue, 25 Mar 2025 13:16:36 +0100
                            Communications:
                            • AVERTISSEMENT: Cet e-mail provient de lextrieur de lorganisation. Ne cliquez pas sur des liens ou nouvrez pas de pices jointes moins de reconnatre lexpditeur et de savoir que le contenu est sr. <https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=fc924eea4e660034d86fecbf84a1b1938498604b1e880a19ba8075f3bf9fb34b&u=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Freprocess%3Fctx%3DrQQIARAA02I20jOwUjE3MEs1MDUx0jVKSUvSNUk1T9O1tEgz0DVMNTRPTUwySzFNsigS4hLwUD-2_IK_v1_j6lWzHTonha1ilMkoKSkottLXLzPQTc5IzM3UK0stSk7N0UssKNDfwch4gZFxFRObkaGxoZHhLSZ-f8fSkgwjEJFflFmV-omJI60oMT03Na9kFjObsaEJUNUmZrbk_Nzc_LxdzCoGBkZGKUZGlroWqaZJuqbJyQa6acZm5rqpxokGycamZpYmZqanmEXyC1LzMlMUUnMTM3MUCory0zJzUm8wM15gYXzFwmPAbMXBwSXAIMGgwPCDhXERK9Af4bGvC1ZfXuO3c2s2t88MV4ZTrPrlJSH6IT7JKUERXoFuSRnZqRb55tmufvoBjmnFyUEVrp5lRin52gURfrmOthZWhhPY2D6wMXawM-zilMYTBAd4GX7wzdjSsHvu01vvPF7x6wRpO-eG-eabp2dYeCY5FaUEBpYa-KWb5flop-UZJnomlbuUuoeFFFSZJwfabhBgeCDAAAA1%26sessionid%3D0022d229-8e5b-5cc0-f367-e3a0c3569465> Francesca Palasciano Responsabile Vendite Dealer Phone: +39 02.89.59.82.07 Mobile: +39 348.2595838 DENTALICA S.p.A. Via Rimini 22, 20142 Milano Tel. 
+39.02.895981 - info@dentalica.com <mailto:info@dentalica.com> - www.dentalica.com <https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=34367b4a3cc4b551fa26f0ee8bac4b05ec2a31767f840a5bfcfc76aa8e5d89d8&u=https%3A%2F%2Fwww.dentalica.com> <https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=383f19327c7bba0c7c7543c40746dced7fd0e3a7da48c71f0cd1a8f2832db893&u=https%3A%2F%2Fwww.facebook.com%2Fdentalica.spa> <https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=15b764dd04bcc80f2ca45e48ff7eaddbbaee721ac7d9a4c5f519c9bf212d5eac&u=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fdentalica-s.p.a> <https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=de2e470d8f96500f9ac67c09c2189f53b2ddf67a219aa3d9cce4cd57b91966f8&u=https%3A%2F%2Fissuu.com%2Fdentalica> 
<https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=ca86479ad8a4dba99f09b86159bd5d1f267192143ea4b70ca1f28b592ead435c&u=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCB3XJko3Fr8vx9XtkolLrcQ> <https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=e35be2144ec35b9743822d5ce04048c738546bbaa4bdeb54822573afe71185e1&u=https%3A%2F%2Fwww.dentalica.com%2F> In Dentalica ci impegniamo a fare scelte quotidiane ecologicamente sostenibili. ?? davvero necessario stampare questa email? Aiutaci a ridurre il nostro impatto ambientale, scopri come cliccando qui. <https://antiphishing.vadesecure.com/v4?f=dXF1WU1mV3BtS1V4VGZmWRiJcGIMaaF3OFhhke_h0r683d4SFgBjky9SpHKTvsbtpumfLsS8zsJMH7ts8b9ekA&i=UGdQTlk5MTBobFFsZ3RObU0nBJZU_xdxyQYTmTkrL1U&k=Jgud&r=S3d6VEtuckZtNG4zVEg2UQApdSOMEUZAbM5pCJnrvpoMtsXUscgNi1AK1AyxBeqatJGqGhL9G4z2vBK7hP2ktg5KaMUEe4VXMtaqzp4jDo8&s=be87c508af8c34746266cf78f49c5d142cd719981bbb707167cf7db1be6716d7&u=https%3A%2F%2Fwww.dentalica.com%2Fthink-green> R.E.A. di Milano n. 1152851 - Cap. Soc. ??? 780.000, 00 i.v. - Iscr.Reg.Impr.di Milano n. 231336 - Mecc. N. MI 008306 - C.F. e P.IVA 07314790150 NOTA DI RISERVATEZZA: Il presente messaggio, corredato dei relativi allegati, contiene informazioni da considerarsi strettamente riservate ed ?? destinato esclusivamente al destinatario sopra indicato, il quale ?? l'unico autorizzato ad usarlo, copiarlo e, sotto la propria responsabilit??, a diffonderlo. Chiunque ricevesse questo messaggio per errore o comunque lo leggesse senza esserne legittimato ?? 
avvertito che trattenerlo, copiarlo, divulgarlo, distribuirlo a persone diverse dal destinatario è severamente proibito. Egli è pertanto pregato di rinviarlo immediatamente al mittente, distruggendone l'originale. Grazie. CONFIDENTIALITY NOTICE: This message, together with its annexes, contains information to be deemed strictly confidential and is destined only to the addressee(s) identified above, who only may use, copy and, under his/their responsibility, further disseminate it. If anyone received this message by mistake or reads it without entitlement is forewarned that keeping, copying, disseminating or distributing this message to persons other than the addressee(s) is strictly forbidden and is asked to transmit it immediately to the sender and to erase the original message received. Thank you.
                            Attachments:
                            • image001.png
                            • ATT00001.png
                            • ATT00002.png
                            • ATT00003.png
                            • ATT00004.png
                            • ATT00005.png
                            • ATT00006.png
                            • ATT00007.png
                            Key Value
                            Received from PAVP189MB2386.EURP189.PROD.OUTLOOK.COM
                            14.3.498.0; Tue, 25 Mar 2025 13:17:00 +0100
                            13:17:00 +0100 (CET)
                            Tue, 25 Mar 2025 13:17:00 +0100 (CET)
                            by AM8P189MB1282.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:24c::21) with
                            2025 12:16:36 +0000
                            (2603:10a6:10:110::36) with Microsoft SMTP Server (version=TLS1_3,
                            25 Mar 2025 12:16:50 +0000
                            Transport; Tue, 25 Mar 2025 12:16:50 +0000
                            by VE1P189MB1040.EURP189.PROD.OUTLOOK.COM (2603:10a6:800:16b::8) with
                            ([fe80::2e24:7c2a:a80:5d04%5]) with mapi id 15.20.8534.040; Tue, 25 Mar 2025
                            12:16:36 +0000
                            From Francesca Palasciano <Francesca.Palasciano@dentalica.com>
                            To "OneDrive@infomail.microsoft.com" <OneDrive@infomail.microsoft.com>
                            Subject Review requested on "PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF"
                            Thread-Topic Review requested on "PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF"
                            Thread-Index AdudfHorzZ0/nYkFRGOKNXlOQYekxwAAA6SwAAAASOAAAABHoAAAF0ZgAAAAPVAAAABQ0AAAAEyQAAAASeAAAABL8AAAJ+SgAAATo/AAAABOwAAAAEzgAAAARAAAAABC8AAAAECgAABT/OAAAAA7gA==
                            Date Tue, 25 Mar 2025 13:16:36 +0100
                            Message-ID <PAVP189MB2386CC44552D98FDA20141798FA72@PAVP189MB2386.EURP189.PROD.OUTLOOK.COM>
                            Accept-Language it-IT, en-US
                            Content-Language en-US
                            X-MS-Exchange-Organization-AuthAs Anonymous
                            X-MS-Exchange-Organization-AuthSource l0-cashub01.casn.net
                            X-MS-Has-Attach yes
                            X-MS-Exchange-Organization-SCL -1
                            X-MS-TNEF-Correlator received-spf: Fail (protection.outlook.com: domain of dentalica.com does not
                            Content-Type multipart/related;
                            MIME-Version 1.0
                            date Tue, 25 Mar 2025 13:16:36 +0100

                            Icon Hash:c4e1928eacb280a2