Windows Analysis Report
original.eml

Overview

General Information

Sample name: original.eml
Analysis ID: 1500040
MD5: 426e14bc8b37577e68552ca43d14e899
SHA1: 7dcd2850e04c2de58b3e50f6c19a7b5f9a0b24fb
SHA256: de4d7dda39c171757639530f591fca99f716b7867bd331d61c18b99824cf55f0

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Detected non-DNS traffic on DNS port
Form action URLs do not match main URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

Source: https://login.microsoft.com/common/fido/get?uiflavor=Web HTTP Parser: Form action: https://login.microsoftonline.com/common/login microsoft microsoftonline
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0 HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true HTTP Parser: Number of links: 0
Source: https://login.microsoft.com/common/fido/get?uiflavor=Web HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAAjZI9bBJhHMbvoKUt0UrqRzo20cGYAu9xcNAmHSgf5YC7a4Hj4BYC90EPuPfg7oWD2xoXB4eOpm7GqYNRE6N2MB2cmph0NJ0aBzUdqnHQLhohXRx9hifP8OSf_PP8vDPRABUIBcA9NxEgVu-AS1H-ifuBqhJ-SZmkf2QueH3nmz-XP9zfiT_-0_j99ObDb_v47W2EutZqMFiXdQ0GdE0yDctQUUAy9GCnDmUNNt_g-DGOf8XxPde0Av18cd9lUWSMAmQ0Fg2vREEkHCaJAFdqhtjkeqcqVJGoM5FqEQBWL2znBZoQBR6xThswyeqITW7ZbIntiKW0zoZ4W2xJSGy1HVEDgEtm9XHfFjfGN1p8iBN4kk02h2wrNTxxXePifbQdmphhao7ywzWnGqZe6xoW2nN_wbmuAmk5YUCoSCgwqSkQaVIdaQbcNI2uYiJNsdY2CNtRDDuiSn0iAegh6fRGqfaKZfF6qcqkI0lTzdliodfViqRJk2l5kNgYQa6xQpV7lSGkMiw3IHSyjZh4PdIqQKNuA9McIAQQRWgNi-FTpALYZFHMJ7IMheIsnbNGsVRXNmVSNLNav5nL2VrdVAiYZVR_s1JeL6n5SnpEFjiaaKHBKFMt0JlGumaVc5U02Epl_YKsVVLqNl3kBi_dnvE6ugGP3PPjp6AmL3VNQ9U6yvEUfjZ1a3bG51l0LWF3bwD36uys14ctYkvYxRT-ZHrMwPtfp_zB0efMW8HZeYe9wo6mg2WxmadzdiNHBJ2oUsla8TLcrKRjDU6vJDJBJNRlOysQeaO5tQZWiV0PvuvxHHnm6GSNTZXC0dB3D_5gBjuY-x-aTq5c93r7Wq1jSPWOYi1cInV4FbuY__To8PWzjy_OM2fXlh2p0VIcUOyWIumeE6fMjlVSGZ4xw21xVI1ZvVhOIGEQJfqxtec-7NSH_QU1 HTTP Parser: Number of links: 1
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0 HTTP Parser: Base64 decoded: 98640eaf-fc9a-46da-b5ee-79406244053ee1f7e0f7-f93f-482f-b0df-f569e7481611
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0 HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoft.com/common/fido/get?uiflavor=Web HTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAAjZI9bBJhHMbvoKUt0UrqRzo20cGYAu9xcNAmHSgf5YC7a4Hj4BYC90EPuPfg7oWD2xoXB4eOpm7GqYNRE6N2MB2cmph0NJ0aBzUdqnHQLhohXRx9hifP8OSf_PP8vDPRABUIBcA9NxEgVu-AS1H-ifuBqhJ-SZmkf2QueH3nmz-XP9zfiT_-0_j99ObDb_v47W2EutZqMFiXdQ0GdE0yDctQUUAy9GCnDmUNNt_g-DGOf8XxPde0Av18cd9lUWSMAmQ0Fg2vREEkHCaJAFdqhtjkeqcqVJGoM5FqEQBWL2znBZoQBR6xThswyeqITW7ZbIntiKW0zoZ4W2xJSGy1HVEDgEtm9XHfFjfGN1p8iBN4kk02h2wrNTxxXePifbQdmphhao7ywzWnGqZe6xoW2nN_wbmuAmk5YUCoSCgwqSkQaVIdaQbcNI2uYiJNsdY2CNtRDDuiSn0iAegh6fRGqfaKZfF6qcqkI0lTzdliodfViqRJk2l5kNgYQa6xQpV7lSGkMiw3IHSyjZh4PdIqQKNuA9McIAQQRWgNi-FTpALYZFHMJ7IMheIsnbNGsVRXNmVSNLNav5nL2VrdVAiYZVR_s1JeL6n5SnpEFjiaaKHBKFMt0JlGumaVc5U02Epl_YKsVVLqNl3kBi_dnvE6ugGP3PPjp6AmL3VNQ9U6yvEUfjZ1a3bG51l0LWF3bwD36uys14ctYkvYxRT-ZHrMwPtfp_zB0efMW8HZeYe9wo6mg2WxmadzdiNHBJ2oUsla8TLcrKRjDU6vJDJBJNRlOysQeaO5tQZWiV0PvuvxHHnm6GSNTZXC0dB3D_5gBjuY-x-aTq5c93r7Wq1jSPWOYi1cInV4FbuY__To8PWzjy_OM2fXlh2p0VIcUOyWIumeE6fMjlVSGZ4xw21xVI1ZvVhOIGEQJfqxtec-7NSH_QU1 HTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAAjZI9bBJhHMbvoKUt0UrqRzo20cGYAu9xcNAmHSgf5YC7a4Hj4BYC90EPuPfg7oWD2xoXB4eOpm7GqYNRE6N2MB2cmph0NJ0aBzUdqnHQLhohXRx9hifP8OSf_PP8vDPRABUIBcA9NxEgVu-AS1H-ifuBqhJ-SZmkf2QueH3nmz-XP9zfiT_-0_j99ObDb_v47W2EutZqMFiXdQ0GdE0yDctQUUAy9GCnDmUNNt_g-DGOf8XxPde0Av18cd9lUWSMAmQ0Fg2vREEkHCaJAFdqhtjkeqcqVJGoM5FqEQBWL2znBZoQBR6xThswyeqITW7ZbIntiKW0zoZ4W2xJSGy1HVEDgEtm9XHfFjfGN1p8iBN4kk02h2wrNTxxXePifbQdmphhao7ywzWnGqZe6xoW2nN_wbmuAmk5YUCoSCgwqSkQaVIdaQbcNI2uYiJNsdY2CNtRDDuiSn0iAegh6fRGqfaKZfF6qcqkI0lTzdliodfViqRJk2l5kNgYQa6xQpV7lSGkMiw3IHSyjZh4PdIqQKNuA9McIAQQRWgNi-FTpALYZFHMJ7IMheIsnbNGsVRXNmVSNLNav5nL2VrdVAiYZVR_s1JeL6n5SnpEFjiaaKHBKFMt0JlGumaVc5U02Epl_YKsVVLqNl3kBi_dnvE6ugGP3PPjp6AmL3VNQ9U6yvEUfjZ1a3bG51l0LWF3bwD36uys14ctYkvYxRT-ZHrMwPtfp_zB0efMW8HZeYe9wo6mg2WxmadzdiNHBJ2oUsla8TLcrKRjDU6vJDJBJNRlOysQeaO5tQZWiV0PvuvxHHnm6GSNTZXC0dB3D_5gBjuY-x-aTq5c93r7Wq1jSPWOYi1cInV4FbuY__To8PWzjy_OM2fXlh2p0VIcUOyWIumeE6fMjlVSGZ4xw21xVI1ZvVhOIGEQJfqxtec-7NSH_QU1 HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0 HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3dF26EDFD2B12FD936%26opidt%3d1724782024%26uaid%3d2cf650ee83cd41819bfe62fda4158cef%26contextid%3d5A2F8B8205EDC8DB%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=2cf650ee83cd41819bfe62fda4158cef&suc=00000006-0000-0ff1-ce00-000000000000&lic=1 HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0 HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://login.microsoft.com/common/fido/get?uiflavor=Web HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAAjZI9bBJhHMbvoKUt0UrqRzo20cGYAu9xcNAmHSgf5YC7a4Hj4BYC90EPuPfg7oWD2xoXB4eOpm7GqYNRE6N2MB2cmph0NJ0aBzUdqnHQLhohXRx9hifP8OSf_PP8vDPRABUIBcA9NxEgVu-AS1H-ifuBqhJ-SZmkf2QueH3nmz-XP9zfiT_-0_j99ObDb_v47W2EutZqMFiXdQ0GdE0yDctQUUAy9GCnDmUNNt_g-DGOf8XxPde0Av18cd9lUWSMAmQ0Fg2vREEkHCaJAFdqhtjkeqcqVJGoM5FqEQBWL2znBZoQBR6xThswyeqITW7ZbIntiKW0zoZ4W2xJSGy1HVEDgEtm9XHfFjfGN1p8iBN4kk02h2wrNTxxXePifbQdmphhao7ywzWnGqZe6xoW2nN_wbmuAmk5YUCoSCgwqSkQaVIdaQbcNI2uYiJNsdY2CNtRDDuiSn0iAegh6fRGqfaKZfF6qcqkI0lTzdliodfViqRJk2l5kNgYQa6xQpV7lSGkMiw3IHSyjZh4PdIqQKNuA9McIAQQRWgNi-FTpALYZFHMJ7IMheIsnbNGsVRXNmVSNLNav5nL2VrdVAiYZVR_s1JeL6n5SnpEFjiaaKHBKFMt0JlGumaVc5U02Epl_YKsVVLqNl3kBi_dnvE6ugGP3PPjp6AmL3VNQ9U6yvEUfjZ1a3bG51l0LWF3bwD36uys14ctYkvYxRT-ZHrMwPtfp_zB0efMW8HZeYe9wo6mg2WxmadzdiNHBJ2oUsla8TLcrKRjDU6vJDJBJNRlOysQeaO5tQZWiV0PvuvxHHnm6GSNTZXC0dB3D_5gBjuY-x-aTq5c93r7Wq1jSPWOYi1cInV4FbuY__To8PWzjy_OM2fXlh2p0VIcUOyWIumeE6fMjlVSGZ4xw21xVI1ZvVhOIGEQJfqxtec-7NSH_QU1 HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0 HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DG1wzeow5fcu1C0Ix3zqyEk9ssUmTYMF5DrfKwZRqpiS3rI3FdvCGynOb96VqXxn6HNOv1m3ktMAa5jRnoaw0rrvtt0t61ibsMUE3e0NDSZLCJM6tANIKsy8Epdrd3ZrJiugKKwiare1nJMf-gXVBTfLXFy3ROI1jtvyHYRIHbF_sVKXF0QEJ-WdiXEfhISOv&response_mode=form_post&nonce=638603787497054431.OTg2NDBlYWYtZmM5YS00NmRhLWI1ZWUtNzk0MDYyNDQwNTNlZTFmN2UwZjctZjkzZi00ODJmLWIwZGYtZjU2OWU3NDgxNjEx&redirect_uri=https%3A%2F%2Fadmin.microsoft.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=2cf650ee-83cd-4181-9bfe-62fda4158cef&x-client-SKU=ID_NET472&x-client-ver=7.6.2.0&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoft.com/common/fido/get?uiflavor=Web HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/reprocess?ctx=rQQIARAAjZI9bBJhHMbvoKUt0UrqRzo20cGYAu9xcNAmHSgf5YC7a4Hj4BYC90EPuPfg7oWD2xoXB4eOpm7GqYNRE6N2MB2cmph0NJ0aBzUdqnHQLhohXRx9hifP8OSf_PP8vDPRABUIBcA9NxEgVu-AS1H-ifuBqhJ-SZmkf2QueH3nmz-XP9zfiT_-0_j99ObDb_v47W2EutZqMFiXdQ0GdE0yDctQUUAy9GCnDmUNNt_g-DGOf8XxPde0Av18cd9lUWSMAmQ0Fg2vREEkHCaJAFdqhtjkeqcqVJGoM5FqEQBWL2znBZoQBR6xThswyeqITW7ZbIntiKW0zoZ4W2xJSGy1HVEDgEtm9XHfFjfGN1p8iBN4kk02h2wrNTxxXePifbQdmphhao7ywzWnGqZe6xoW2nN_wbmuAmk5YUCoSCgwqSkQaVIdaQbcNI2uYiJNsdY2CNtRDDuiSn0iAegh6fRGqfaKZfF6qcqkI0lTzdliodfViqRJk2l5kNgYQa6xQpV7lSGkMiw3IHSyjZh4PdIqQKNuA9McIAQQRWgNi-FTpALYZFHMJ7IMheIsnbNGsVRXNmVSNLNav5nL2VrdVAiYZVR_s1JeL6n5SnpEFjiaaKHBKFMt0JlGumaVc5U02Epl_YKsVVLqNl3kBi_dnvE6ugGP3PPjp6AmL3VNQ9U6yvEUfjZ1a3bG51l0LWF3bwD36uys14ctYkvYxRT-ZHrMwPtfp_zB0efMW8HZeYe9wo6mg2WxmadzdiNHBJ2oUsla8TLcrKRjDU6vJDJBJNRlOysQeaO5tQZWiV0PvuvxHHnm6GSNTZXC0dB3D_5gBjuY-x-aTq5c93r7Wq1jSPWOYi1cInV4FbuY__To8PWzjy_OM2fXlh2p0VIcUOyWIumeE6fMjlVSGZ4xw21xVI1ZvVhOIGEQJfqxtec-7NSH_QU1 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:63419 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.18:63381 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: nam.safelink.emails.azure.net
Source: global traffic DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: signup.live.com
Source: global traffic DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: fpt.live.com
Source: global traffic DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic DNS traffic detected: DNS query: stk.hsprotect.net
Source: global traffic DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:63419 version: TLS 1.2
Source: classification engine Classification label: clean4.winEML@30/54@42/272
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1405290023-6772.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
Source: C:\Windows\System32\CredentialUIBroker.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "256A06C8-6C82-47F4-9A9E-69596042134D" "757AFFAA-D8BF-4805-AB07-7B19F4180D1B" "6772" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2Fsubscriptions&p=bT05ZjZkOWVjNy0xMzk0LTRjNDQtYWI3NS03MmQ2ZGMyMjJhYmUmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2012,i,671322920555726367,1893836283750602359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: unknown Process created: C:\Windows\System32\CredentialUIBroker.exe "C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: twinapi.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: twinui.appcore.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: wldp.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.ui.creddialogcontroller.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.ui.xamlhost.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.ui.cred.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: wincorlib.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: mrmcorer.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.ui.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: inputhost.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: propsys.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: languageoverlayutil.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.ui.xaml.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: dcomp.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: profapi.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: netutils.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: dxgi.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: dwrite.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: d3d11.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.globalization.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: d3d10warp.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: dxcore.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: d2d1.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.ui.xaml.controls.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: fontglyphanimator.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.internal.ui.logon.proxystub.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: directmanipulation.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: credprovdatamodel.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: credprovhost.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: samcli.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: credprovs.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: smartcardcredentialprovider.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: credprovslegacy.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: cngcredui.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: facecredentialprovider.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: dsreg.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.devices.enumeration.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: structuredquery.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: biocredprov.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: ngckeyenum.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: cxcredprov.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: ngccredprov.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: certcredprovider.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: icu.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: wlidcredprov.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: mswb7.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: fidocredprov.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: aadauthhelper.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: cryptngc.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: devobj.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: credprov2fahelper.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: devdispitemprovider.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windows.media.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: credprovhelper.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: winsta.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: idstore.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: samlib.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: winbio.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: windowscodecs.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: threadpoolwinrt.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: webauthn.dll
Source: C:\Windows\System32\CredentialUIBroker.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\CredentialUIBroker.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Windows\System32\CredentialUIBroker.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\CredentialUIBroker.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\CredentialUIBroker.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Windows\System32\CredentialUIBroker.exe Queries volume information: C:\Windows\SystemResources\Windows.UI.BioFeedback\Fonts\NUIMDL2.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid