Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0-1.eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0-1.eml
Analysis ID:1649428
MD5:b678eaad3ffe326c3a5939a3daeb4ed4
SHA1:09bedcb0a71e8be46e3ce3470d0a374120dd5313
SHA256:f7d86787429e7370e0d935f5596d3e10c2dd0ce669f1b7f8b4f5316d0a156ef8
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Detected suspicious crossdomain redirect
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6996 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0-1.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7124 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A32BB922-0CC7-49AC-87A5-087DD67B4390" "5C55F80B-939E-422F-8A08-D3B506730C13" "6996" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 6856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4927973422297778849,5447233026097221591,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 7420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,15826296830906064342,14569107645292783428,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250326-050103.627000 --mojo-platform-channel-handle=1608 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • HxOutlook.exe (PID: 1156 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • HxAccounts.exe (PID: 8052 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6996, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RJA0F2L6\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6996, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Compliance
  • Software Vulnerabilities
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: EmailJoe Sandbox AI: Page contains button: 'Play Voicemail' Source: 'Email'
Source: EmailJoe Sandbox AI: Email contains prominent button: 'play voicemail'
Source: EmailJoe Sandbox AI: Detected potential phishing email: The email claims to be from Microsoft Teams but is sent from an unrelated domain (olohparishfamily.org). The 'Play Voicemail' link contains a suspicious URL (knitlonger.tuopuwujin.com) masked through Outlook's SafeLinks. The message is duplicated multiple times in the body, which is typical of phishing attempts trying to bypass spam filters
Source: EmailJoe Sandbox AI: Detected suspicious elements in Email header: Email claims to be from olohparishfamily.org but is sent from localhost (127.0.0.1). Suspicious IP routing pattern: localhost to external IP (192.189.2.4). Unusual boundary string format with 'sinikael' prefix. Despite Microsoft's SCL (Spam Confidence Level) being low (1), the combination of localhost sending and suspicious routing is concerning. The x-forefront-antispam-report shows multiple spam filtering categories being triggered. The message appears to be trying to masquerade as a legitimate organizational email while using suspicious infrastructure
Source: EmailClassification: Credential Stealer
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: https://future.aue.ae/cst-lsk-xps/HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 104.47.74.28:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.47.74.28:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.47.74.28:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.64.80.1:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.22.43.154:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.80.73:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.22.42.154:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.80.73:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.47.73.28:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.47.73.28:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.64.80.1:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.22.42.154:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.22.42.154:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 1MB later: 39MB
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: nam04.safelinks.protection.outlook.com to https://knitlonger.tuopuwujin.com/line?line_id=76034ff2-d196-4eff-a419-85f471591f11-randomsuffix&heap=eyjzdhvkzw50x2xpbmsioijodhrwczovl2luzxn0cgvkaweuy29tiiwidgltzxn0yw1wijoxnzqzmda4otazmjy4lcjyyw5kb20ioiiwotawytuxyi00zdu5ltqwowitognkms0ymdi3njg2ngniy2iifq==
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: knitlonger.tuopuwujin.com to https://future.aue.ae/cst-lsk-xps/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: nam04.safelinks.protection.outlook.com to https://knitlonger.tuopuwujin.com/line?line_id=76034ff2-d196-4eff-a419-85f471591f11-randomsuffix&heap=eyjzdhvkzw50x2xpbmsioijodhrwczovl2luzxn0cgvkaweuy29tiiwidgltzxn0yw1wijoxnzqzmda4otazmjy4lcjyyw5kb20ioiiwotawytuxyi00zdu5ltqwowitognkms0ymdi3njg2ngniy2iifq==
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: knitlonger.tuopuwujin.com to https://future.aue.ae/cst-lsk-xps/
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.41.3
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.41.3
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0 HTTP/1.1Host: nam04.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /line?line_id=76034ff2-d196-4eff-a419-85f471591f11-randomsuffix&heap=eyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ== HTTP/1.1Host: knitlonger.tuopuwujin.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3
Source: global trafficHTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1Host: static.cloudflareinsights.comConnection: keep-aliveOrigin: https://future.aue.aesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://future.aue.ae/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /assets/antibot.js HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3
Source: global trafficHTTP traffic detected: GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013346 HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013346 HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013365 HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013365 HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013374 HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013374 HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3; pll_language=en
Source: global trafficHTTP traffic detected: GET /?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0 HTTP/1.1Host: nam04.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /line?line_id=76034ff2-d196-4eff-a419-85f471591f11-randomsuffix&heap=eyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ== HTTP/1.1Host: knitlonger.tuopuwujin.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en; PHPSESSID=1f75fc129f52f43aecf8380f7ed4e80c
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013418 HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en; PHPSESSID=1f75fc129f52f43aecf8380f7ed4e80c
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013418 HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en; PHPSESSID=1f75fc129f52f43aecf8380f7ed4e80c
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en; PHPSESSID=1f75fc129f52f43aecf8380f7ed4e80c
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en; PHPSESSID=1f75fc129f52f43aecf8380f7ed4e80c
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/ HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en; PHPSESSID=1f75fc129f52f43aecf8380f7ed4e80c
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013432 HTTP/1.1Host: future.aue.aeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en; PHPSESSID=1f75fc129f52f43aecf8380f7ed4e80c
Source: global trafficHTTP traffic detected: GET /cst-lsk-xps/index.php?retry=1743013432 HTTP/1.1Host: future.aue.aeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: pll_language=en; PHPSESSID=1f75fc129f52f43aecf8380f7ed4e80c
Source: global trafficDNS traffic detected: DNS query: nam04.safelinks.protection.outlook.com
Source: global trafficDNS traffic detected: DNS query: knitlonger.tuopuwujin.com
Source: global trafficDNS traffic detected: DNS query: future.aue.ae
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: static.cloudflareinsights.com
Source: unknownHTTP traffic detected: POST /cdn-cgi/rum? HTTP/1.1Host: future.aue.aeConnection: keep-aliveContent-Length: 1598sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"content-type: application/jsonsec-ch-ua-mobile: ?0Accept: */*Origin: https://future.aue.aeSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://future.aue.ae/cst-lsk-xps/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=74076bdda20a68d7f2e9472495752ba3
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 18:22:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: max-age=14400, must-revalidateLink: <https://future.aue.ae/wp-json/>; rel="https://api.w.org/"Vary: Accept-EncodingCF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 9268ac43de3c5612-EWR
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownHTTPS traffic detected: 104.47.74.28:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.47.74.28:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.47.74.28:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.64.80.1:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.22.43.154:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.80.73:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.22.42.154:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.80.73:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.47.73.28:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.47.73.28:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.64.80.1:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.22.42.154:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.22.42.154:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: classification engineClassification label: mal52.winEML@41/3@22/131
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250326T1422020858-6996.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0-1.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A32BB922-0CC7-49AC-87A5-087DD67B4390" "5C55F80B-939E-422F-8A08-D3B506730C13" "6996" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4927973422297778849,5447233026097221591,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A32BB922-0CC7-49AC-87A5-087DD67B4390" "5C55F80B-939E-422F-8A08-D3B506730C13" "6996" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4927973422297778849,5447233026097221591,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,15826296830906064342,14569107645292783428,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250326-050103.627000 --mojo-platform-channel-handle=1608 /prefetch:3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,15826296830906064342,14569107645292783428,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250326-050103.627000 --mojo-platform-channel-handle=1608 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: apphelp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: microsoft.applications.telemetry.windows.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msoimm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso40uiimm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso30imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso20imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.core.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.word.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso50imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso50imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.model.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.applicationdata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxcomm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptsp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47langs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.hostname.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.energy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wldp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: propsys.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rometadata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.view.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxshared.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.viewmodel.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: clipc.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.resources.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: logoncli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dcomp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textinputframework.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: inputhost.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: urlmon.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: netutils.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxgi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d11.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mrmcorer.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d10warp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d2d1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwrite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textshaping.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userenv.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profext.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hx.mail.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: threadpoolwinrt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.graphics.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxcalendar.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.remotedesktop.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.controls.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winsta.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: directmanipulation.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.systemid.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.retailinfo.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msxml6.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wininet.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: sspicli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winhttp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mswsock.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winnsi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winrttracing.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dnsapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: schannel.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: photometadatahandler.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ploptin.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntasn1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncrypt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msasn1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dpapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rsaenh.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: gpapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: webservices.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataaccountapis.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataplatformhelperutil.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.accountscontrol.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: xmllite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: accountsrt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: aphostclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwmapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: apphelp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.model.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: microsoft.applications.telemetry.windows.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso30imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47langs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dcomp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textinputframework.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: inputhost.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: propsys.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: urlmon.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: netutils.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxgi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: office.ui.xaml.hxaccounts.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d11.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.applicationdata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d10warp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d2d1.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxcomm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptsp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dwrite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textshaping.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.hostname.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.energy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wldp.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rometadata.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mrmcorer.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.accountscontrol.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: xmllite.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vaultcli.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.controls.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: userenv.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profext.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: directmanipulation.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: winrttracing.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.resources.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msftedit.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: globinputhost.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.graphics.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wuceffects.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: threadpoolwinrt.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dwmapi.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: execmodelclient.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe TID: 2292Thread sleep count: 81 > 30
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe TID: 2292Thread sleep count: 37 > 30
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation21
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Virtualization/Sandbox Evasion		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection		1
Virtualization/Sandbox Evasion		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Process Injection		NTDS14
System Information Discovery		Distributed Component Object ModelInput Capture5
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Extra Window Memory Injection		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://future.aue.ae/wp-includes/images/w-logo-blue-white-bg.png0%Avira URL Cloudsafe
https://future.aue.ae/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js0%Avira URL Cloudsafe
https://future.aue.ae/favicon.ico0%Avira URL Cloudsafe
https://future.aue.ae/assets/antibot.js0%Avira URL Cloudsafe
https://future.aue.ae/cdn-cgi/rum?0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
static.cloudflareinsights.com
104.16.80.73
truefalse
    		high
    nam04.safelinks.eop-tm2.outlook.com
    		104.47.74.28
    		truefalse
      		high
      future.aue.ae
      		104.22.43.154
      		truefalse
        		unknown
        www.google.com
        		142.251.40.228
        		truefalse
          		high
          s-0005.dual-s-dc-msedge.net
          		52.123.131.14
          		truefalse
            		high
            knitlonger.tuopuwujin.com
            		172.64.80.1
            		truetrue
              		unknown
              nam04.safelinks.protection.outlook.com
              		unknown
              		unknownfalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://future.aue.ae/assets/antibot.jsfalse
                • Avira URL Cloud: safe
                		unknown
                https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015false
                  		high
                  https://future.aue.ae/favicon.icofalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://future.aue.ae/cdn-cgi/rum?false
                  • Avira URL Cloud: safe
                  		unknown
                  https://future.aue.ae/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.jsfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://future.aue.ae/wp-includes/images/w-logo-blue-white-bg.pngfalse
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  142.250.80.35
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  104.22.42.154
                  		unknownUnited States
                  		13335CLOUDFLARENETUSfalse
                  23.57.90.112
                  		unknownUnited States
                  		35994AKAMAI-ASUSfalse
                  142.251.40.228
                  		www.google.comUnited States
                  		15169GOOGLEUSfalse
                  104.47.73.28
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  13.107.42.16
                  		unknownUnited States
                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  104.47.74.28
                  		nam04.safelinks.eop-tm2.outlook.comUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  104.16.80.73
                  		static.cloudflareinsights.comUnited States
                  		13335CLOUDFLARENETUSfalse
                  23.9.183.29
                  		unknownUnited States
                  		16625AKAMAI-ASUSfalse
                  142.250.81.238
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  142.251.167.84
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  20.42.73.28
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  104.22.43.154
                  		future.aue.aeUnited States
                  		13335CLOUDFLARENETUSfalse
                  172.64.80.1
                  		knitlonger.tuopuwujin.comUnited States
                  		13335CLOUDFLARENETUStrue
                  52.123.131.14
                  		s-0005.dual-s-dc-msedge.netUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  52.111.227.28
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  52.109.0.91
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                  Private

                  IP
                  192.168.2.16

                  General Information

                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1649428
                  Start date and time:2025-03-26 19:21:30 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:25
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  Analysis Mode:stream
                  Analysis stop reason:Timeout
                  Sample name:phish_alert_sp2_2.0.0.0-1.eml
                  Detection:MAL
                  Classification:mal52.winEML@41/3@22/131
                  Cookbook Comments:
                  • Found application associated with file extension: .eml
                  • Exclude process from analysis (whitelisted): dllhost.exe
                  • Excluded IPs from analysis (whitelisted): 23.9.183.29, 52.123.131.14
                  • Excluded domains from analysis (whitelisted): ecs.office.com, dual-s-0005-office.config.skype.com, fs.microsoft.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtOpenFile calls found.
                  • Report size getting too big, too many NtOpenKey calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • Report size getting too big, too many NtSetValueKey calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • VT rate limit hit for: future.aue.ae

                  Created / dropped Files

                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7256E2A8-0E52-42EC-B21D-288B322E43C6

                  Download File
                  Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):180927
                  Entropy (8bit):5.296461163932723
                  Encrypted:false
                  SSDEEP:
                  MD5:42A69ACAB2F48473981673F5D05E6458
                  SHA1:F54A6E056B42E5E2807BEE443B4FC92CC2499011
                  SHA-256:61FE386903FABC215363DCF779D5A2C595A4C6639359F62629576AA484507DEB
                  SHA-512:9A1126E657B57DE9D8A7ABC86A9DE81FD7AB0F63CF2479E2E890077D03945D86CE005765DF4F77096B4795EEE8CE8D6717FF1E463CDD638E8ED3F3E37E5C5F46
                  Malicious:false
                  Reputation:unknown
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2025-03-26T18:23:10">.. Build: 16.0.18413.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results?fullframe=yes</o:url>.. <o:ticket o:policy="DELEGATION" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Bearer {}" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.Resourc

                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl

                  Download File
                  Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):131072
                  Entropy (8bit):0.20647247672794636
                  Encrypted:false
                  SSDEEP:
                  MD5:ADD713B80D042B229FCD4A8522CE08C6
                  SHA1:402EF5C2DA785FA59F8A01481BDF85193575AF1D
                  SHA-256:22759B95474AEF628049FB66E5F80D4ACE49FF5F5C5E317C1B2C87F96AE7FA4A
                  SHA-512:B2E352DE92FD12354FC156F0E0DBA4978AE6533E1A23F747BCCE56E761076288357071C43C983607AC5C8CFFC86209E1EB5FD345D3256A2C86016BEC9FC5DABF
                  Malicious:false
                  Reputation:unknown
                  Preview:............................................................................b...(...t...........................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................P.i\2...........N[.!|...........H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g.g.e.r...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g...e.t.l.............P.P.(...t...;.......................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl

                  Download File
                  Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):65536
                  Entropy (8bit):0.1192931438355786
                  Encrypted:false
                  SSDEEP:
                  MD5:DD449357F5CC37738275D0B7E39DC953
                  SHA1:22E46555DE94A84A894994A2D790AA72E313400F
                  SHA-256:62DFD57A3AEB0C38367989007B0207D5429FA0FBDBE667488624EEAA81959547
                  SHA-512:198F38857329CFD4A9A5C0C20CA99743B8955550028152ACAD1E9D64B2DA58E2B4F08C9E5ABEF4F5DE158B668F2CEA53DB8B39CC830D816510E93E0D8A6981D1
                  Malicious:false
                  Reputation:unknown
                  Preview:............................................................................@...p........GY.....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................P.i\2...........P.. |...........H.x.M.A.l.w.a.y.s.O.n.L.o.g...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.m.A.l.w.a.y.s.O.n.L.o.g...e.t.l.......P.P.p.........Y.............................................................................................................................................................................................................................................................................................................................................

                  Static File Info

                  General

                  File type:RFC 822 mail, ASCII text, with very long lines (2221), with CRLF line terminators
                  Entropy (8bit):6.167475060713191
                  TrID:
                  • E-Mail message (Var. 5) (54515/1) 100.00%
                  File name:phish_alert_sp2_2.0.0.0-1.eml
                  File size:68'818 bytes
                  MD5:b678eaad3ffe326c3a5939a3daeb4ed4
                  SHA1:09bedcb0a71e8be46e3ce3470d0a374120dd5313
                  SHA256:f7d86787429e7370e0d935f5596d3e10c2dd0ce669f1b7f8b4f5316d0a156ef8
                  SHA512:df0616651b08e390eca5c44d988698982f5eb22a7b528b55770c1d0750e77fbe3200d0d38b20767450b4a3d7af35025fbb4bc7896efc6eaab8deddbc98c7f780
                  SSDEEP:1536:f42j9f10Ab6FGifKiJC5jLUPBn7gG4VlFHkdgCO2zb:f42jd1W1M4BkxVlKdgCO2f
                  TLSH:BD63D072D94060CA06B15270F322BB04FE9068DFC79394B07E6F96A29FF14255E79B8D
                  File Content Preview:Received: from SJ0PR08MB6478.namprd08.prod.outlook.com.. (2603:10b6:a03:2db::17) by CO1PR08MB7189.namprd08.prod.outlook.com with.. HTTPS; Wed, 26 Mar 2025 17:32:33 +0000..Received: from CH2PR15CA0025.namprd15.prod.outlook.com.. (2603:10b6:610:51::35) by S

                  Static Mail

                  General

                  Subject:[MARKETING] A message has been left for your reviewdont miss it.
                  From:"You've got an alert." <cwhittenburg@olohparishfamily.org>
                  To:Safety <safety@olgoonik.com>
                  Cc:
                  BCC:
                  Date:Wed, 26 Mar 2025 17:32:21 +0000
                  Communications:
                  • New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe #outlook a { padding:0; } body { margin:0;padding:0;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%; } table, td { border-collapse:collapse;mso-table-lspace:0pt;mso-table-rspace:0pt; } img { border:0;height:auto;line-height:100%; outline:none;text-decoration:none;-ms-interpolation-mode:bicubic; } p { display:block;margin:13px 0; } @media only screen and (min-width:480px) { .mj-column-per-100 { width:100% !important; max-width: 100%; } } .moz-text-html .mj-column-per-100 { width:100% !important; max-width: 100%; } New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail AlertMicrosoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe New Voicemail Alert body { font-family: 'Segoe UI', Tahoma, Geneva, sans-serif; margin: 0; padding: 0; background-color: #f3f2f9; color: #333; } .container { width: 100%; max-width: 530px; margin: 20px auto; background-color: #ffffff; border: 1px solid #ddd; border-radius: 8px; overflow: hidden; box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1); } .header { background-color: #6264a7; color: #ffffff; padding: 26px; text-align: left; display: flex; justify-content: space-between; align-items: center; } .header img { height: 30px; margin-left: 10px; flex-shrink: 0; } .body-content { padding: 20px; font-size: 16px; line-height: 1.6; color: #333; } .body-content p { margin: 10px 0; } .details-table { width: 100%; margin-top: 15px; border-collapse: collapse; table-layout: auto; } .details-table th, .details-table td { padding: 10px; text-align: left; border: 1px solid #ddd; } .details-table th { background-color: #f0f0f5; font-weight: 600; } .separator { margin: 15px 0; height: 2px; background-color: #6264a7; } .cta-button { display: block; background-color: #6264a7; color: #ffffff; padding: 10px 20px; text-decoration: none; font-weight: bold; border-radius: 5px; margin: 20px auto; width: max-content; text-align: center; } .download-section { margin-top: 20px; padding: 8px; background-color: #f4f5fb; text-align: center; border-radius: 5px; font-size: 12px; } .download-section p { margin: 0; font-size: 14px; } .download-link { display: inline-block; background-color: #6264a7; color: #ffffff; padding: 5px 10px; margin-top: 5px; font-size: 12px; text-decoration: none; font-weight: bold; border-radius: 4px; } .footer { margin-top: 20px; padding: 10px; font-size: 12px; color: #666; text-align: center; border-top: 1px solid #ddd; } .footer a { color: #6264a7; text-decoration: none; } .hidden-text { font-size: 0; color: #ffffff; visibility: hidden; } @media screen and (max-width: 600px) { .container { width: 100%; border-radius: 0; margin: 0; box-shadow: none; } } Microsoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.comConfidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe Microsoft Teams Microsoft Teams Hi Safety,You have a new voicemail in Microsoft Teams!Below are the details of your voicemail:Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PMClick the button below to listen to your voicemail:Play Voicemail Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Hi Safety, You have a new voicemail in Microsoft Teams! Below are the details of your voicemail: Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PM Caller ID465182Duration1 minute, 36 secondsReceived OnMarch 26, 2025 at 01:32:21 PM Caller ID465182 Caller ID 465182 Duration1 minute, 36 seconds Duration 1 minute, 36 seconds Received OnMarch 26, 2025 at 01:32:21 PM Received On March 26, 2025 at 01:32:21 PM Click the button below to listen to your voicemail: Play Voicemail https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknitlonger.tuopuwujin.com%2Fline%3Fline_id%3D76034ff2-d196-4eff-a419-85f471591f11-randomsuffix%26heap%3DeyJzdHVkZW50X2xpbmsiOiJodHRwczovL2luZXN0cGVkaWEuY29tIiwidGltZXN0YW1wIjoxNzQzMDA4OTAzMjY4LCJyYW5kb20iOiIwOTAwYTUxYi00ZDU5LTQwOWItOGNkMS0yMDI3Njg2NGNiY2IifQ%3D%3D&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536928971%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=q38xXh7ldWtf%2BMIdp9KDG288gzvvxKl70mCJtLRRDzo%3D&reserved=0 Havent set up Microsoft Teams yet? Download the app and stay connected!Download Teams Now Havent set up Microsoft Teams yet? Download the app and stay connected! Download Teams Now https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen%2Fmicrosoft-teams%2Fdownload-app&data=05%7C02%7Cesmith%40olgoonik.com%7Ca5917b2f5b474fe545f408dd6c8c2c51%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638786071536953494%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=4Z%2B2fA%2FBorEDEWBSoQ5npUDpTuBrTh0dsTGK%2FpJHa3E%3D&reserved=0 Privacy Policy | Terms of Service | Help Center 2025 Microsoft Teams | For support, reach us at support@Olgoonik.com Privacy Policy | Terms of Service | Help Center Privacy Policy # Terms of Service # Help Center # 2025 Microsoft Teams | For support, reach us at support@Olgoonik.com Confidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately.Unsubscribe Confidential Notice: This message is intended solely for the recipient. If you have received this email by mistake, please delete it and notify the sender immediately. Unsubscribe Unsubscribe #
                  Attachments:
                  • K2.png
                  • A1.png
                  Key Value
                  Receivedfrom [127.0.0.1] (192.189.2.4) by CO1PEPF000044F3.mail.protection.outlook.com (10.167.241.73) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.20 via Frontend Transport; Wed, 26 Mar 2025 17:32:21 +0000
                  Arc-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DV1Jlhdt51qm+JRjJy2XvOfUFaejXfZf9CYWeUX292YdCdj2U5TVia3ACGxWBg2rmv6ucROqyCZao+ZpcaIByrUGdmfYJv8k1v0iGDGonC4XALC6yAQ+azmouTsfY8Adv9XRaBK4me9ySLnXcNGw9Wwz5C43tyj1qpFDfwRqtLio9te/MGVK7Sv56nRHj3FqoyuX9YKkkHx5dNOUi12zvIXglBQOpCVV8fzidZR/xt91605LQAmmTzQBj8VcJGD/sFbHFYrRcB4tcjx8kH3Si6A4zoFjlHkxWUDW8BZMTBb0mwreoMLH3tG7VldV3d9QQOdoM/lJyBb8qmSxdLT4oQ==
                  Arc-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LvTTD1TPI1cgXoU0vXMy1mE1h04n1ybA0fGC++Dzs60=; b=RtpD+tvAEYNYhz81tMvqird7qvGui0itC4mkfliD5GtvoARGj/LY/vV/LmoDSyIz97rXGigd6AhqD2Dfnjnp8NLyErF60WU1W8MtaJlBFIT9YfzNVhrt+75GfEXtiAKKbt/nPeZ7KM25CKnM/x4Gol279xA0amopneO4vK5sMPr5T6/1igAEwBZRaOqKafQoEozEhnRBH4kbbDap0vHYxXY1flaI4onIU9yuUW12PJJzIyg4SulgJZS0nhP8Th3G3ruCHdFGwfknEBAEzlm5aep5W2Ecr2Oche+DGqOWsdQHV27sS7pqJg2RQgDbgDvQ2DFQdhFQN/fBoqTesc0H8Q==
                  Arc-Authentication-Resultsi=1; mx.microsoft.com 1; spf=fail (sender ip is 192.189.2.4) smtp.rcpttodomain=olgoonik.com smtp.mailfrom=olohparishfamily.org; dmarc=fail (p=quarantine sp=quarantine pct=100) action=quarantine header.from=olohparishfamily.org; dkim=none (message not signed); arc=none (0)
                  Authentication-Resultsspf=pass (sender IP is 2a01:111:f403:200a::712) smtp.mailfrom=olohparishfamily.org; dkim=pass (signature was verified) header.d=olohparishfamily.org;dmarc=pass action=none header.from=olohparishfamily.org;compauth=pass reason=100
                  Received-SpfFail (protection.outlook.com: domain of olohparishfamily.org does not designate 192.189.2.4 as permitted sender) receiver=protection.outlook.com; client-ip=192.189.2.4; helo=[127.0.0.1];
                  Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=olohparishfamily.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LvTTD1TPI1cgXoU0vXMy1mE1h04n1ybA0fGC++Dzs60=; b=Si9zXhVP8KfV6+HCG+svVGu75QuvB54bETxFMr4I9i4IQfeoRq147HZH4LvFd01tkCB6YgQIL4cO3RaTtgxv3pe3SUl9bvIFB47hqAVq8Q4D2vdWH2d6h4m9+YHerPKOUv9Munv7rcFU1zfwYaZx+Qo9kwp3AeBEFU8vZFqezLCWp3IjeUdBfQPHhDfUvXKFWVN6cPfxb12TTJWw9eAJJiqUahGFnNctx8SGgOw5Cxmyx/V6mi3jXJqfDwzQo4gxT44mPM3tzJV75HOy9olcXmodgpYR8BSDIYRw6znuUJUWQQW5TlVs/L0/G74NOARwAjPauMC36WzUMC643d6bSA==
                  X-Ms-Exchange-Authentication-Resultsspf=fail (sender IP is 192.189.2.4) smtp.mailfrom=olohparishfamily.org; dkim=none (message not signed) header.d=none;dmarc=fail action=quarantine header.from=olohparishfamily.org;
                  Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17430114816190.7940349555026895"
                  From"You've got an alert." <cwhittenburg@olohparishfamily.org>
                  SenderTeamwork.Network.Enterprise.Voice.Consulting.And.Synchronized.Communication.Operations.Helpdesk.For.Safety@olgoonik.com
                  ToSafety <safety@olgoonik.com>
                  Subject[MARKETING] A message has been left for your reviewdont miss it.
                  Message-Id<795971b3-07b5-f509-54b6-6b6ca06008ce@olohparishfamily.org>
                  DateWed, 26 Mar 2025 17:32:21 +0000
                  MIME-Version1.0
                  Return-Pathcwhittenburg@olohparishfamily.org
                  X-Eopattributedmessage1
                  X-Ms-Traffictypediagnostic CO1PEPF000044F3:EE_|SA1PR19MB7109:EE_|CH1PEPF0000A34A:EE_|SJ0PR08MB6478:EE_|CO1PR08MB7189:EE_
                  X-Ms-Office365-Filtering-Correlation-Id a5917b2f-5b47-4fe5-45f4-08dd6c8c2c51
                  X-Ms-Exchange-Senderadcheck1
                  X-Ms-Exchange-Antispam-Relay0
                  X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|41320700013|82310400026|36860700013|376014|34070700014|4022899009|61400799027|4053099003|8096899003|4076899003;
                  X-Microsoft-Antispam-Message-Info-Original 5vr4T4Fv73HfSsGTBIrzfq7WUTxNhVIpdG0Zguj8AUcbD/BZmOJdYlVxu8HBHP8ktq6eVnhn0Hp/w179UVeo4cV11Yo3U1xsAJ9CXwIBh4Y6RWtZAX8/uaKMnx82C2BHce+vX5FIZJ74q50miXA/52wtQzfMmj8Ge8NbUFQQX2UC0te2YEMAGb0Vnb7TQXQNG45dwImOg0rkyqsCKMXWklzjj4vNuLF94b3IRDmvmZaxfclpxQSTp77UvQ63cmEmiRr3CJykNGICbhmkQu1lmPrABKoHDgLC6lMNfaOO62myDV3sT3UE9TwFu5zLGglP10nc4YmBWpuqb3h/DsRA+gcfpneIGAXpyibXVCcKepDq33LhmPfLtY7Pp5BuvhXOOXF2cQWq7XoWGFX02GwNztfB3Vp9Z3dVcVYp74GfnfYPMhOW9JtNmclD/WvWziU3d+YBGLzIztfo8i7mKMzwOkq2sXxk3xSAEaui/bNznb4gA6GiGjQFVjzn1RoakmCIXYmGqP4Owute5JNIp14cfRaVT7t+6+d4Mm796MlJWTPJ0ZRsF/1xwBehhSyM+loRgj9UsVqID2fMQ2LaJ9JxlO/379rXpCO8p4uRcua7nNFlo16v5+HeBqTbcV8/sZkkII6KWtk4YwtsH2DDa29JBb4232AYWLI/aC2fv6IJKQxWGdjRJhl6ReqduM0b6EigszhdP/e6carQq7TFmMb1zcEsmCQMWFKHYoWHz5rwjt+erSD8o1VCZZOE4//bFL6O3xBewbaHpfIXr+/7ChzZoVHRyIVgNSWLHjVsdGtV0rmm/w8PUcAPyDtUZ6p4Szcy3jyRAG3Ri8wDcFFWKiAxGTC+DoRGImuU4qzypl5SiDns0yCa+Fzyz7iu0FliRjzKxnwgkg5Np7YBN2WSnmNg4eyCujSIBdip2MktpVYLPF63KhcDR9DvReiy9MB5F3q/yIDqh9mFyNtTfdx2cUCs9npFoFMrrL+Hyxn+r3VOdxykDbyEMT2/hk043prkt/xh/XM+Ev26IJt/CVMG+BQsEB3iYHA8G1jacTHsBJWZitFqn95LHR6LmEEysTl8hnpnPDYErUhZZz5869CGN/C00BKqgIaweovMzeZRb7k19n6e/7itXdKm+X72wzWMpWT8feJOG6Fd8cUsos5U52vtmQFOZF4iA6DaO2cGkECDg3eK0fIN4j9PPEYlwC9TGlBIrUT0zewJrYafIE54oI3HFS42nPcty90s/rFg/DOFtoI9tw0aqHDdHlv7v7pVgrs/z3aomg2qSaU/dhhkDUB97RUSikzK6A83f7REcHxuKcfaAvAnm90Dl8PcV1J/66mQueDMQ7Cx4qGCB6IPyt/K786GId752Dvucy0KBWrGOD56SyiObmcOWvMdvwjCU7ZBRv4s4rDaIKVoLVU5uM5R+g6HkcAZ7PMGUjhZ88ueaq0=
                  X-Forefront-Antispam-Report-Untrusted CIP:192.189.2.4;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:hotuniquewingsdelivery.online;CAT:NONE;SFS:(13230040)(41320700013)(82310400026)(36860700013)(376014)(34070700014)(4022899009)(61400799027)(4053099003)(8096899003)(4076899003);DIR:OUT;SFP:1102;
                  X-Ms-Exchange-Transport-CrosstenantheadersstampedSJ0PR08MB6478
                  X-Ms-Exchange-Organization-Expirationstarttime26 Mar 2025 17:32:25.1223 (UTC)
                  X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                  X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                  X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                  X-Ms-Exchange-Organization-Network-Message-Id a5917b2f-5b47-4fe5-45f4-08dd6c8c2c51
                  X-Eoptenantattributedmessage341c5aad-39be-47a3-901e-146d297ecd80:0
                  X-Ms-Exchange-Organization-MessagedirectionalityIncoming
                  X-Ms-Exchange-Transport-Crosstenantheadersstripped CH1PEPF0000A34A.namprd04.prod.outlook.com
                  X-Ms-Exchange-Transport-Crosstenantheaderspromoted CH1PEPF0000A34A.namprd04.prod.outlook.com
                  X-Ms-PublictraffictypeEmail
                  X-Ms-Exchange-Organization-Authsource CH1PEPF0000A34A.namprd04.prod.outlook.com
                  X-Ms-Exchange-Organization-AuthasAnonymous
                  X-Ms-Office365-Filtering-Correlation-Id-Prvs f5e27868-6be6-4d5b-7df7-08dd6c8c2a20
                  X-Ms-Exchange-AtpmessagepropertiesSA|SL
                  X-Ms-Exchange-Organization-Scl1
                  X-Microsoft-Antispam BCL:0;ARA:13230040|35042699022|4073199012|5073199012|12062699021|4022899009|8052699015|4076899003|8096899003|4053099003|43540500003;
                  X-Forefront-Antispam-Report CIP:2a01:111:f403:200a::712;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM12-MW2-obe.outbound.protection.outlook.com;PTR:mail-mw2nam12on20712.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(35042699022)(4073199012)(5073199012)(12062699021)(4022899009)(8052699015)(4076899003)(8096899003)(4053099003)(43540500003);DIR:INB;
                  X-Auto-Response-SuppressDR, RN, NRN, OOF, AutoReply
                  X-Ms-Exchange-Crosstenant-Originalarrivaltime26 Mar 2025 17:32:24.9036 (UTC)
                  X-Ms-Exchange-Crosstenant-Network-Message-Id a5917b2f-5b47-4fe5-45f4-08dd6c8c2c51
                  X-Ms-Exchange-Crosstenant-Id341c5aad-39be-47a3-901e-146d297ecd80
                  X-Ms-Exchange-Crosstenant-Originalattributedtenantconnectingip TenantId=6987dda3-d1c9-49b4-925f-e7e891156a66;Ip=[192.189.2.4];Helo=[[127.0.0.1]]
                  X-Ms-Exchange-Crosstenant-Authsource CH1PEPF0000A34A.namprd04.prod.outlook.com
                  X-Ms-Exchange-Crosstenant-AuthasAnonymous
                  X-Ms-Exchange-Crosstenant-FromentityheaderInternet
                  X-Ms-Exchange-Transport-Endtoendlatency00:00:08.2864346
                  X-Ms-Exchange-Processed-By-Bccfoldering15.20.8534.033
                  X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(4710137)(4712040)(4999020)(920097)(930097)(140003)(1420198);
                  X-Microsoft-Antispam-Message-Info p9oahOthOwiqV2vyVkig0Ti4YDof15NA0Q6kRZuoPkR9THBDTLmYYFVe9J5Phsfjf9wZuApMSX+PRLbR2g7nvVG/8SoQFecg9+WtKYJT14wuBB+C2cyQK7HWIOr6ZTyrU5x4lRXwMO5k0Fx9VAOj5ZbHB2Oq4xdzAlEo8OO8FHXd2TcmmhIotZhD8P9YwgKEnpE7zhddJTau/3YXeEelkjAt4rim97/O0eF7pGoOWaIiJUIe3xS1V1+xbNU6UKLCfaDWoqUCkX7dy4lIvAcY+MrPR7W7D3qP/G+qVNiRQh5RasywPZBOyY08Y90bHVJsfJTmPgdL162rrVXYKIbY4HshQ3e7T+BEevFJ+TmXC8m3BTs/zuf90Pujp0Trecxuzv3gc34sG1VDF6yettCv9+KZmNdH78dxr531vix1aRdSe/wckgzE5z6hMz6G4uOEeJ/iZkUsbsHr7hHAsPA1GKr2QK17Qcz6VJkvykBavCo+XwBuwToesrqeuiDExbj2i3gbgJI1rvdBKEa5KD1f+5n5ku0g3DKuTcj5bKtwqClofM5BJBF+SJbhWmbapUhXARTUbGTs+LWLjDXbaFeh6/NkmTndfLHG1UVYoWgyKSQv0SbVjtpYN+iOiBZL5lc3JoNq/9CtsnQgjpN/v7MroewVrXTkcnkjKrJYEGCbMmg91CEWnyVjx1u1UebdKtlpl3MHeMlAX41QLAxfaDPaI9D/F/s0e8J1Y7MoJ/C5XPAbHn7AuCFc+/FoHV/RQ7VXtcTxX7j17R5FosM2DgHpXWpqzJQH6cL+6IgC3DAKjHfny+zLdDAek2d6k6DT7YtxmGspkOoTm9Sc7AgvpxrNAFj1W+lqqIN7hOaxx+UXL99m9sqdxbfhU38lUDuk9gVHuApGWkWWr1vXpNvN/kky4jLurhR8PNvAkPyt6dzKta44AlLGw3abVPknFnqZfhq5YLS2fqlPm2wji0NVzpBh0o2gAJLvynqm6hNJ0rwndO6dm/O0yXwgeU1JZkE4RFLavUPj223zsTl8/uiQiRteaN7C2f4jAr3+Jc2dXDdv74GP4eWpJGrbx9zKKhJl02HbZ+MXUlwgvs3MIb5EFWyUqbnVfXjsxZVHc4LvZ0x+SGJIOAdiWMu8lPeU8K8E4ownBZIEwNzfWyCfBt+KMtYSGcuExznly9+BaQNwBet7rXveh3ssY8xXYZVou8WX6hYWXEdaxE3uMRtUE7UGOmrGm6gT6/qVcF5zTB9PmSEhJsIj4BBexkIA1JkXCP1L1J6UBeCZnjbuQ/BLaNgIQt4mOirqkhCXP3QiLzn//qrTGwn7F/NfZSTXxIQV03Bk6EnEGYuaamv3IcyuEvtqIaRi2kagZOZMV9yMQv3M9kWBDkmpkPniKtMvfewW99wPZT6Vu9yxxm9EQGtUsvR/CjCt3J2vKFVyDr/TAryiTrl0JrpEKGbsXUkSHh/ellqLIuJMQrC7ZyBGVtrkmQna4efDHgo6L5OiRvYXQxi4tyKR03ZZWh7Yrfr+gbHqmL9xG3ox8nshDqsrrg6OyUQpXr2I/GosuPdesfSYKVLbMtO+0vShDqL1JlMkSvNdDvjBZ9GEcmlQHML1ZTXZZMyoT3Ydxf24c8g5kLQz+688OfNgvZy8IISMNwsLa4+3udFrbFskyTMitpd1s7gHMKSmPLm0/KU/wbBsntRrOJNHoNfh4bEKaBFQd3s7aQR0EhhsFRp5sIHy9cMRwbGY5Xynde2xHaCJrJg9oRnGBx8GcS+9RsICgr2N1plsSQH6FX0pdZbDXuNkvZoBKxj+wpejj6RBJA3Mb4AScDNR4717qgD19VPFNemh4yEaCId61kuJsO9Qmzu5kjzbLmeUVZrAzEVL7TfFCFZcK43ivOxvLekpyxpen0byTQ7W6CdLfm9ZAVuzCl0jr0QrpTo/cM2GfBbkrlvsuj4NfhGqr7sCdHSmFY/KtqQH1mixjFC0ja6kYpi3Gz0xyxRbKE/dtV0YBDrO9CXVsNLOkK2w1dUpZh6yWVIuR2URmCHMcDll+D1bNo0wqmZZ2XDP1hvCEn4Fw5/lFPLxjLk7fE1qryMnEpouvSJBTl2GL8rktGySFWAgAaYnhqLbsLCOz76rTgpjzGRF/o5yPO6vE03GsJjojkU6WQ/JsAJu3aNQITGKXmGmqvJ782Lh+JI1fa34pYqi5z+8dXp0sPiOGUKJS6A7t1SObww=
                  Content-Transfer-Encoding7bit

                  File Icon

                  Icon Hash:46070c0a8e0c67d6