Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
(No subject) (60).eml

Overview

General Information

Sample name:(No subject) (60).eml
Analysis ID:1500042
MD5:18177185c529816c40f29602654b350b
SHA1:e117e656b542113495653ee94d32768eb253839a
SHA256:5193d407543ce327b203d8f51eb64ea7cc3ff95327837617526d11c2cd42ec8f
Infos:

Detection

HTMLPhisher
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected BlockedWebSite
Creates a window with clipboard capturing capabilities
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7048 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (60).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6328 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6C80195C-4D1F-4CEB-959B-8C0EC38D0691" "1DDA0EF2-0F70-4CFF-A438-4766E64439EC" "7048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 5736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1752,i,3634399964213929048,15866051322464257806,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1916,i,2109933875426074902,13146506870367632465,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • HxOutlook.exe (PID: 7044 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • HxAccounts.exe (PID: 7528 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • OUTLOOK.EXE (PID: 7696 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" -Embedding MD5: 91A5292942864110ED734005B7E005C0)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_85JoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    1.0.pages.csvJoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security
      1.1.pages.csvJoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security

        Sigma Signatures

        Sigma detected: Office Autorun Keys Modification
        Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7048, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus detection for URL or domain
        Source: http://6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com/Avira URL Cloud: Label: phishing

        Phishing

        barindex
        Yara detected BlockedWebSite
        Source: Yara matchFile source: 1.0.pages.csv, type: HTML
        Source: Yara matchFile source: 1.1.pages.csv, type: HTML
        Source: Yara matchFile source: dropped/chromecache_85, type: DROPPED
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49709 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49710 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49713 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49714 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49715 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49716 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49717 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49719 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49720 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.16:49735 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49737 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49748 version: TLS 1.2
        Source: global trafficHTTP traffic detected: GET /ab?clientId=B5786FF8-3453-4616-B94D-5348C714CD0F HTTP/1.1X-OfficeApp-BuildVersion: 16.0.11629.20316Accept-Encoding: gzip, deflateX-OfficeApp-Platform: universalX-OfficeApp-Language: en-CHX-OutlookMobile-Architecture: x64X-OutlookMobile-BuildFlavor: shipX-OutlookMobile-Environment: ProductionX-OfficeApp-MsoVersion: 10.0.19045X-OutlookMobile-HxServiceAccounts: NoneContent-Length: 0Content-Encoding: gzipHost: outlookmobile-office365-tas.msedge.netConnection: Keep-AliveCache-Control: no-cache
        Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
        Source: Joe Sandbox ViewIP Address: 104.47.64.28 104.47.64.28
        Source: Joe Sandbox ViewIP Address: 104.47.65.28 104.47.65.28
        Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
        Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.73
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: unknownTCP traffic detected without corresponding DNS query: 52.191.219.104
        Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WOORxlo+RoS5dvA&MD=CHY4tfS9 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
        Source: global trafficHTTP traffic detected: GET /?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0 HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0 HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /Content/Scripts/safelinksv2.css HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /Content/Scripts/site.js HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /Content/images/cross.png HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /Content/Scripts/site.js HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /Content/images/cross.png HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /ab?clientId=B5786FF8-3453-4616-B94D-5348C714CD0F HTTP/1.1X-OfficeApp-BuildVersion: 16.0.11629.20316Accept-Encoding: gzip, deflateX-OfficeApp-Platform: universalX-OfficeApp-Language: en-CHX-OutlookMobile-Architecture: x64X-OutlookMobile-BuildFlavor: shipX-OutlookMobile-Environment: ProductionX-OfficeApp-MsoVersion: 10.0.19045X-OutlookMobile-HxServiceAccounts: NoneContent-Length: 0Content-Encoding: gzipHost: outlookmobile-office365-tas.msedge.netConnection: Keep-AliveCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /settings/v2.0/office/olx?app=microsoft.windowscommunicationsapps&appVer=16.0.11629.20316&locale=en-CH&os=WINDOWS&osVer=10.0.19045&deviceClass=Windows.Desktop&deviceId=B5786FF8-3453-4616-B94D-5348C714CD0F&ring=7 HTTP/1.1Accept: */*User-Agent: microsoft.windowscommunicationsappsAccept-Language: en-CHAccept-Encoding: gzip, deflate, brHost: settings.data.microsoft.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WOORxlo+RoS5dvA&MD=CHY4tfS9 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
        Source: global trafficDNS traffic detected: DNS query: gcc02.safelinks.protection.outlook.com
        Source: global trafficDNS traffic detected: DNS query: www.google.com
        Source: global trafficDNS traffic detected: DNS query: augloop.office.com
        Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
        Source: (No subject) (60).emlString found in binary or memory: http://6wqiug91378jkogba10sidk.s3-website-us-east-1.amazon=
        Source: chromecache_85.14.drString found in binary or memory: http://6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com/
        Source: prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.drString found in binary or memory: http://augloop.office.com/settings.json
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
        Source: prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.drString found in binary or memory: http://json-schema.org/draft-07/schema#
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
        Source: HxAccounts.exe, 00000016.00000002.2489013830.0000024476C51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://test-exp-s2s.msedge.net/ab/
        Source: HxAccounts.exe, 00000016.00000002.2489013830.0000024476C51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://test-exp-s2s.msedge.net/ab/gecacheFileFullNotificationPercentagehttp://test-exp-s2s.msedge.ne
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
        Source: (No subject) (60).eml, ~WRS{A16DBECF-BE96-46B0-90B5-19749B6A6F81}.tmp.0.drString found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.aadrm.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.aadrm.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.cortana.ai
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.diagnostics.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.microsoftstream.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.microsoftstream.com/api/
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.office.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.onedrive.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://api.scheduler.
        Source: HxAccounts.exe, 00000016.00000002.2488682335.0000024476C2B000.00000004.00000020.00020000.00000000.sdmp, 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://apis.live.net/v5.0/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://app.powerbi.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
        Source: App1724782246862756900_EB5E8972-8103-4A3D-9AD4-27E1E4037E69.log.0.dr, 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://augloop.office.com
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://augloop.office.com/v2
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
        Source: HxAccounts.exe, 00000016.00000002.2488117129.0000024476C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az804205.vo.msecnd.net/
        Source: HxAccounts.exe, 00000016.00000002.2488117129.0000024476C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az804205.vo.msecnd.net/f
        Source: HxAccounts.exe, 00000016.00000002.2488117129.0000024476C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://az815563.vo.msecnd.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://canary.designerapp.
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.entity.
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://clients.config.office.net
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://clients.config.office.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://config.edge.skype.com
        Source: HxAccounts.exe, 00000016.00000002.2489013830.0000024476C51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.com/config/v1/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
        Source: HxAccounts.exe, 00000016.00000002.2489013830.0000024476C51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.net/config/v1/
        Source: HxAccounts.exe, 00000016.00000002.2489013830.0000024476C51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.net/config/v1/https://config.edge.skype.com/config/v1/cacheFileFullNotific
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cortana.ai
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cortana.ai/api
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://cr.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://d.docs.live.net
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://dataservice.o365filtering.com
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://dataservice.o365filtering.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://designerapp.azurewebsites.net
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://dev.cortana.ai
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://devnull.onenote.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://directory.services.
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ecs.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://edge.skype.com/registrar/prod
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://edge.skype.com/rps
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
        Source: (No subject) (60).emlString found in binary or memory: https://eu.docusign.net/Member/EmailStart.aspx?m=3D7e62e6e=
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
        Source: chromecache_85.14.drString found in binary or memory: https://gcc02.safelinks.protection.outlook.com
        Source: (No subject) (60).emlString found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dh=
        Source: ~WRS{A16DBECF-BE96-46B0-90B5-19749B6A6F81}.tmp.0.drString found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://graph.ppe.windows.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://graph.ppe.windows.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://graph.windows.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://graph.windows.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ic3.teams.office.com
        Source: (No subject) (60).emlString found in binary or memory: https://inboxflows.com/_/image/https%253A%252F%252Feu.docusign.net%252FMem=
        Source: (No subject) (60).emlString found in binary or memory: https://inboxflows.com/_/image/https%253A%252F%252Feu=
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://incidents.diagnostics.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://invites.office.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://lifecycle.office.com
        Source: HxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
        Source: HxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/NT
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://login.microsoftonline.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://login.microsoftonline.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://login.microsoftonline.com/organizations
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
        Source: HxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmp, 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://login.windows.local
        Source: HxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local/
        Source: HxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net
        Source: HxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://make.powerautomate.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://management.azure.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://management.azure.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messaging.action.office.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messaging.engagement.office.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://messaging.office.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ncus.contentsync.
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ncus.pagecontentsync.
        Source: HxAccounts.exe, 00000016.00000002.2488351015.0000024476C13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nexusrules.officeapps.live.comhttps://nexus.officeapps.live.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://officeapps.live.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://officepyservice.office.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://officepyservice.office.net/service.functionality
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://onedrive.live.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://onedrive.live.com/embed?
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://otelrules.azureedge.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://otelrules.svc.static.microsoft
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://outlook.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://outlook.office.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://outlook.office365.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://outlook.office365.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://outlook.office365.com/connectors
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://pages.store.office.com/review/query
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://powerlift.acompli.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://pushchannel.1drv.ms
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://res.cdn.office.net
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://service.powerapps.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://settings.outlook.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://shell.suite.office.com:1443
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://skyapi.live.net/Activity/
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://staging.cortana.ai
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://store.office.cn/addinstemplate
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://store.office.de/addinstemplate
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://substrate.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://tasks.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://templatesmetadata.office.net/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://web.microsoftstream.com/video/
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
        Source: BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://webshell.suite.office.com
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://wus2.contentsync.
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://wus2.pagecontentsync.
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://www.odwebp.svc.ms
        Source: 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drString found in binary or memory: https://www.yammer.com
        Source: HxAccounts.exe, 00000016.00000002.2496133472.000002447E415000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com
        Source: HxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com/https://xsts.auth.xboxlive.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
        Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49709 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49710 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49713 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49714 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49715 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49716 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49717 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49719 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.191.219.104:443 -> 192.168.2.16:49720 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.16:49735 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49737 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49748 version: TLS 1.2
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow created: window name: CLIPBRDWNDCLASSJump to behavior
        Source: classification engineClassification label: mal56.phis.winEML@27/43@11/5
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1410460652-7048.etlJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (60).eml"
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6C80195C-4D1F-4CEB-959B-8C0EC38D0691" "1DDA0EF2-0F70-4CFF-A438-4766E64439EC" "7048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1752,i,3634399964213929048,15866051322464257806,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1916,i,2109933875426074902,13146506870367632465,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
        Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
        Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" -Embedding
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6C80195C-4D1F-4CEB-959B-8C0EC38D0691" "1DDA0EF2-0F70-4CFF-A438-4766E64439EC" "7048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0Jump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1752,i,3634399964213929048,15866051322464257806,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1916,i,2109933875426074902,13146506870367632465,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: microsoft.applications.telemetry.windows.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msoimm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso40uiimm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso30imm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso20imm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.core.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.word.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso50imm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso50imm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.model.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.applicationdata.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxcomm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.applicationmodel.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.globalization.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47mrm.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositorycore.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.connectivity.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.hostname.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.energy.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rmclient.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rometadata.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.view.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxshared.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.viewmodel.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: clipc.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.resources.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dcomp.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowmanagementapi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: inputhost.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxgi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: resourcepolicyclient.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mrmcorer.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d11.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryclient.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d10warp.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxcore.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d2d1.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwrite.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelproxy.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uiamanager.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.core.textinput.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.immersive.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dataexchange.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profext.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hx.mail.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: threadpoolwinrt.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.graphics.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxcalendar.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.controls.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.remotedesktop.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winsta.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: directmanipulation.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.systemid.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.retailinfo.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msxml6.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winrttracing.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: photometadatahandler.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ploptin.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: webservices.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataaccountapis.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.accountscontrol.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: accountsrt.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: aphostclient.dllJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: apphelp.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.model.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: microsoft.applications.telemetry.windows.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso30imm.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coremessaging.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47langs.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: iertutil.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dcomp.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: twinapi.appcore.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wintypes.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositorycore.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowmanagementapi.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textinputframework.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: inputhost.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: propsys.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: ntmarta.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecoreuapcommonproxystub.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uxtheme.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: urlmon.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: srvcli.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: netutils.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxgi.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: office.ui.xaml.hxaccounts.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: resourcepolicyclient.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.applicationdata.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d11.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d10warp.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxcomm.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptsp.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxcore.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d2d1.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.applicationmodel.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dwrite.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.globalization.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47mrm.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textshaping.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecorecommonproxystub.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profapi.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.connectivity.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.hostname.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.energy.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rmclient.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wldp.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rometadata.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mrmcorer.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositoryclient.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.shell.servicehostbuilder.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: execmodelproxy.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uiamanager.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.core.textinput.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.immersive.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dataexchange.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptbase.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.accountscontrol.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: xmllite.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.security.authentication.web.core.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vaultcli.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.controls.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: userenv.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profext.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: directmanipulation.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: winrttracing.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.resources.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msftedit.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: globinputhost.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowscodecs.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.graphics.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wuceffects.dll
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: threadpoolwinrt.dll
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
        Source: Google Drive.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: YouTube.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Sheets.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Gmail.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Slides.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Docs.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
        Source: settings.dat.17.drBinary or memory string: VMware, Inc. VMware20,1?O
        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformationJump to behavior
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
        Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
        DLL Side-Loading        		1
        Process Injection        		1
        Masquerading        		OS Credential Dumping1
        Security Software Discovery        		Remote Services1
        Clipboard Data        		1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        Registry Run Keys / Startup Folder        		1
        DLL Side-Loading        		1
        Process Injection        		LSASS Memory1
        Process Discovery        		Remote Desktop ProtocolData from Removable Media3
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
        Registry Run Keys / Startup Folder        		1
        DLL Side-Loading        		Security Account Manager14
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive4
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
        Ingress Tool Transfer        		Traffic DuplicationData Destruction

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1500042 Sample: (No subject) (60).eml Startdate: 27/08/2024 Architecture: WINDOWS Score: 56 32 augloop.office.com 2->32 40 Antivirus detection for URL or domain 2->40 42 Yara detected BlockedWebSite 2->42 8 OUTLOOK.EXE 326 151 2->8         started        10 HxOutlook.exe 62 18 2->10         started        12 HxAccounts.exe 2->12         started        14 OUTLOOK.EXE 2->14         started        signatures3 process4 process5 16 chrome.exe 9 8->16         started        19 chrome.exe 8->19         started        21 ai.exe 8->21         started        dnsIp6 28 192.168.2.16, 138, 443, 49691 unknown unknown 16->28 30 239.255.255.250 unknown Reserved 16->30 23 chrome.exe 16->23         started        26 chrome.exe 19->26         started        process7 dnsIp8 34 gcc02.safelinks.eop-tm2.outlook.com 104.47.64.28, 443, 49724, 49725 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 23->34 36 104.47.65.28, 443, 49729, 49731 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 23->36 38 2 other IPs or domains 23->38

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        No Antivirus matches

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://shell.suite.office.com:14430%URL Reputationsafe
        https://designerapp.azurewebsites.net0%URL Reputationsafe
        https://autodiscover-s.outlook.com/0%URL Reputationsafe
        https://useraudit.o365auditrealtimeingestion.manage.office.com0%URL Reputationsafe
        https://outlook.office365.com/connectors0%URL Reputationsafe
        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%URL Reputationsafe
        https://cdn.entity.0%URL Reputationsafe
        https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%URL Reputationsafe
        https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
        https://lookup.onenote.com/lookup/geolocation/v10%URL Reputationsafe
        https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
        https://api.aadrm.com/0%URL Reputationsafe
        https://canary.designerapp.0%URL Reputationsafe
        https://www.yammer.com0%URL Reputationsafe
        https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%URL Reputationsafe
        https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0%URL Reputationsafe
        https://cr.office.com0%URL Reputationsafe
        https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
        https://otelrules.svc.static.microsoft0%URL Reputationsafe
        https://edge.skype.com/registrar/prod0%URL Reputationsafe
        https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
        https://tasks.office.com0%URL Reputationsafe
        https://officeci.azurewebsites.net/api/0%URL Reputationsafe
        https://store.office.cn/addinstemplate0%URL Reputationsafe
        https://edge.skype.com/rps0%URL Reputationsafe
        https://messaging.engagement.office.com/0%URL Reputationsafe
        https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
        https://www.odwebp.svc.ms0%URL Reputationsafe
        https://api.powerbi.com/v1.0/myorg/groups0%URL Reputationsafe
        https://web.microsoftstream.com/video/0%URL Reputationsafe
        https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
        https://graph.windows.net0%URL Reputationsafe
        https://consent.config.office.com/consentcheckin/v1.0/consents0%URL Reputationsafe
        https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%URL Reputationsafe
        https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%URL Reputationsafe
        https://safelinks.protection.outlook.com/api/GetPolicy0%URL Reputationsafe
        https://ncus.contentsync.0%URL Reputationsafe
        https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%URL Reputationsafe
        http://weather.service.msn.com/data.aspx0%URL Reputationsafe
        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%URL Reputationsafe
        https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%URL Reputationsafe
        https://pushchannel.1drv.ms0%URL Reputationsafe
        https://wus2.contentsync.0%URL Reputationsafe
        https://clients.config.office.net/user/v1.0/ios0%URL Reputationsafe
        https://api.addins.omex.office.net/api/addins/search0%URL Reputationsafe
        https://xsts.auth.xboxlive.com0%URL Reputationsafe
        https://outlook.office365.com/api/v1.0/me/Activities0%URL Reputationsafe
        https://clients.config.office.net/user/v1.0/android/policies0%URL Reputationsafe
        https://entitlement.diagnostics.office.com0%URL Reputationsafe
        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json0%URL Reputationsafe
        https://api.microsoftstream.com/api/0%Avira URL Cloudsafe
        https://login.microsoftonline.com0%URL Reputationsafe
        https://substrate.office.com/search/api/v1/SearchHistory0%URL Reputationsafe
        https://clients.config.office.net/c2r/v1.0/InteractiveInstallation0%URL Reputationsafe
        https://gcc02.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css0%Avira URL Cloudsafe
        https://my.microsoftpersonalcontent.com0%Avira URL Cloudsafe
        https://service.powerapps.com0%URL Reputationsafe
        https://graph.windows.net/0%URL Reputationsafe
        https://devnull.onenote.com0%URL Reputationsafe
        https://messaging.office.com/0%URL Reputationsafe
        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing0%URL Reputationsafe
        https://skyapi.live.net/Activity/0%URL Reputationsafe
        https://d.docs.live.net0%Avira URL Cloudsafe
        https://messaging.action.office.com/setcampaignaction0%URL Reputationsafe
        https://visio.uservoice.com/forums/368202-visio-on-devices0%URL Reputationsafe
        https://staging.cortana.ai0%URL Reputationsafe
        https://augloop.office.com0%URL Reputationsafe
        https://api.diagnosticssdf.office.com/v2/file0%URL Reputationsafe
        https://login.windows.local/0%URL Reputationsafe
        https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory0%URL Reputationsafe
        https://officepyservice.office.net/0%URL Reputationsafe
        https://api.diagnostics.office.com0%URL Reputationsafe
        https://gcc02.safelinks.protection.outlook.com/Content/Scripts/site.js0%Avira URL Cloudsafe
        https://store.office.de/addinstemplate0%URL Reputationsafe
        https://wus2.pagecontentsync.0%URL Reputationsafe
        https://api.powerbi.com/v1.0/myorg/datasets0%URL Reputationsafe
        https://cortana.ai/api0%URL Reputationsafe
        https://api.diagnosticssdf.office.com0%URL Reputationsafe
        https://login.microsoftonline.com/0%URL Reputationsafe
        https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0%URL Reputationsafe
        https://api.addins.omex.office.net/appinfo/query0%URL Reputationsafe
        https://clients.config.office.net/user/v1.0/tenantassociationkey0%URL Reputationsafe
        https://powerlift.acompli.net0%URL Reputationsafe
        https://cortana.ai0%URL Reputationsafe
        https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
        https://api.powerbi.com/v1.0/myorg/imports0%URL Reputationsafe
        https://cloudfiles.onenote.com/upload.aspx0%URL Reputationsafe
        https://entitlement.diagnosticssdf.office.com0%URL Reputationsafe
        https://ofcrecsvcapi-int.azurewebsites.net/0%URL Reputationsafe
        https://ic3.teams.office.com0%URL Reputationsafe
        https://xsts.auth.xboxlive.com/https://xsts.auth.xboxlive.com0%Avira URL Cloudsafe
        https://outlook.office.com/0%Avira URL Cloudsafe
        https://storage.live.com/clientlogs/uploadlocation0%Avira URL Cloudsafe
        https://api.cortana.ai0%Avira URL Cloudsafe
        https://onedrive.live.com/embed?0%Avira URL Cloudsafe
        https://gcc02.safelinks.protection.outlook.com/Content/images/cross.png0%Avira URL Cloudsafe
        http://augloop.office.com/settings.json0%Avira URL Cloudsafe
        http://6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com/100%Avira URL Cloudphishing
        https://config.edge.skype.net/config/v1/0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        bg.microsoft.map.fastly.net
        		199.232.214.172
        		truefalse
          		unknown
          gcc02.safelinks.eop-tm2.outlook.com
          		104.47.64.28
          		truefalse
            		unknown
            www.google.com
            		142.250.185.100
            		truefalse
              		unknown
              augloop.office.com
              		unknown
              		unknownfalse
                		unknown
                gcc02.safelinks.protection.outlook.com
                		unknown
                		unknownfalse
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://gcc02.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.cssfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://gcc02.safelinks.protection.outlook.com/Content/Scripts/site.jsfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0false
                    		unknown
                    https://gcc02.safelinks.protection.outlook.com/Content/images/cross.pngfalse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://shell.suite.office.com:144321E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://designerapp.azurewebsites.net21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://autodiscover-s.outlook.com/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://useraudit.o365auditrealtimeingestion.manage.office.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://outlook.office365.com/connectors21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://cdn.entity.BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://rpsticket.partnerservices.getmicrosoftkey.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://lookup.onenote.com/lookup/geolocation/v121E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.aadrm.com/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://canary.designerapp.21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.yammer.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.microsoftstream.com/api/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://cr.office.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://messagebroker.mobile.m365.svc.cloud.microsoft21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://otelrules.svc.static.microsoft21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://edge.skype.com/registrar/prod21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://res.getmicrosoftkey.com/api/redemptionevents21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://tasks.office.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://officeci.azurewebsites.net/api/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://my.microsoftpersonalcontent.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://store.office.cn/addinstemplate21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://edge.skype.com/rps21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://messaging.engagement.office.com/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.odwebp.svc.ms21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.powerbi.com/v1.0/myorg/groups21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://web.microsoftstream.com/video/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.addins.store.officeppe.com/addinstemplate21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://graph.windows.net21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://consent.config.office.com/consentcheckin/v1.0/consents21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://d.docs.live.net21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://safelinks.protection.outlook.com/api/GetPolicy21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://ncus.contentsync.21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://weather.service.msn.com/data.aspx21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://pushchannel.1drv.ms21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://wus2.contentsync.21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://clients.config.office.net/user/v1.0/iosBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.addins.omex.office.net/api/addins/search21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://xsts.auth.xboxlive.comHxAccounts.exe, 00000016.00000002.2496133472.000002447E415000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://outlook.office365.com/api/v1.0/me/Activities21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://clients.config.office.net/user/v1.0/android/policiesBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://entitlement.diagnostics.office.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://xsts.auth.xboxlive.com/https://xsts.auth.xboxlive.comHxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://outlook.office.com/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://storage.live.com/clientlogs/uploadlocation21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://login.microsoftonline.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://substrate.office.com/search/api/v1/SearchHistory21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://clients.config.office.net/c2r/v1.0/InteractiveInstallation21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://service.powerapps.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://graph.windows.net/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://devnull.onenote.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://messaging.office.com/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://skyapi.live.net/Activity/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.cortana.aiBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://messaging.action.office.com/setcampaignaction21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://visio.uservoice.com/forums/368202-visio-on-devices21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://staging.cortana.aiBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://onedrive.live.com/embed?21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://augloop.office.comApp1724782246862756900_EB5E8972-8103-4A3D-9AD4-27E1E4037E69.log.0.dr, 21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.diagnosticssdf.office.com/v2/fileBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://login.windows.local/HxAccounts.exe, 00000016.00000002.2495308817.000002447E2C9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://officepyservice.office.net/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.diagnostics.office.comBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://store.office.de/addinstemplate21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://wus2.pagecontentsync.21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.powerbi.com/v1.0/myorg/datasets21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://cortana.ai/apiBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.diagnosticssdf.office.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://login.microsoftonline.com/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com/chromecache_85.14.drfalse
                    • Avira URL Cloud: phishing
                    		unknown
                    https://api.addins.omex.office.net/appinfo/query21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://augloop.office.com/settings.jsonprep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://clients.config.office.net/user/v1.0/tenantassociationkeyBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://powerlift.acompli.net21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://cortana.aiBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.powerbi.com/v1.0/myorg/importsBABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://cloudfiles.onenote.com/upload.aspx21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://entitlement.diagnosticssdf.office.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://ofcrecsvcapi-int.azurewebsites.net/21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://ic3.teams.office.com21E3E4E3-E841-4F98-9AD6-240B3CCFA172.17.dr, BABBC931-1DC9-47BC-8C59-C91C7338C844.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://config.edge.skype.net/config/v1/HxAccounts.exe, 00000016.00000002.2489013830.0000024476C51000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    142.250.185.100
                    		www.google.comUnited States
                    		15169GOOGLEUSfalse
                    239.255.255.250
                    		unknownReserved
                    		unknownunknownfalse
                    104.47.64.28
                    		gcc02.safelinks.eop-tm2.outlook.comUnited States
                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    104.47.65.28
                    		unknownUnited States
                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                    Private

                    IP
                    192.168.2.16

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1500042
                    Start date and time:2024-08-27 20:10:16 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 4m 45s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:28
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:(No subject) (60).eml
                    Detection:MAL
                    Classification:mal56.phis.winEML@27/43@11/5
                    Cookbook Comments:
                    • Found application associated with file extension: .eml

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe, ApplicationFrameHost.exe
                    • Excluded IPs from analysis (whitelisted): 199.232.214.172, 93.184.221.240, 52.109.89.18, 184.28.90.27, 52.109.76.243, 52.113.194.132, 2.19.126.160, 2.19.126.151, 52.182.143.210, 142.250.185.227, 142.250.185.206, 74.125.206.84, 34.104.35.123, 13.107.42.16, 52.111.231.25, 52.111.231.23, 52.111.231.26, 52.111.231.24, 52.111.236.18, 52.111.231.21, 142.250.186.163, 142.250.186.142, 52.111.243.13
                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, augloop-prod-pc04.northeurope.cloudapp.azure.com, clientservices.googleapis.com, augloop-prod-pa00.westeurope.cloudapp.azure.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, mobile.events.data.microsoft.com, clients2.google.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, officeclient.microsoft.com, l-0007.l-msedge.net, wu-b-net.trafficmanager.net, onedscolprdcus10.centralus.cloudapp.azure.com, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, nleditor.osi.office.net, outlookmobile-office365-tas.msedge.net, edgedl.me.gvt1.com, s-0005.s-msedge.net, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, settings.data.microsoft.com, ecs.office.trafficmanager.net, clients.l.google.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtCreateFile calls found.
                    • Report size getting too big, too many NtCreateKey calls found.
                    • Report size getting too big, too many NtOpenKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • VT rate limit hit for: (No subject) (60).eml

                    Simulations

                    Behavior and APIs

                    No simulations

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    239.255.255.250Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                      (No subject) (59).emlGet hashmaliciousHTMLPhisherBrowse
                        https://12dec6c2-3c78-e425-b87e-b20197f5da10.powerappsportals.com/Get hashmaliciousUnknownBrowse
                          http://email.e.quickshipping.com/c/eJxszLFSxCAQgOGnId1lYHchWFDY5D042JOdXGJkg45v72ht-88_X03gYiw8cXILUIjBeze1RKEwBLTBu5CDj2gBGWPMD-I7P9wkCSyQjRCcRwKcq1uWSEzW40spdTFkef4YUjZtcp5yvM3lfZ-eqV3XqQZfDawG1jtv0ud8ZeUmfc8b99_PwPp13uQoz1FZDaydq3QulwHUPatmQ3a079vQP7an_-pngp8AAAD__zWIRVUGet hashmaliciousUnknownBrowse
                            https://t.co/CFNobJuJq9Get hashmaliciousHTMLPhisherBrowse
                              http://esc-dot-wind-blade-416540.uk.r.appspot.comGet hashmaliciousHTMLPhisherBrowse
                                Status Update ECKY2.htmlGet hashmaliciousUnknownBrowse
                                  file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                    file.exeGet hashmaliciousUnknownBrowse
                                      Electronic_Receipt_ATT0001.htmGet hashmaliciousHTMLPhisherBrowse
                                        104.47.64.28(No subject) (53).emlGet hashmaliciousUnknownBrowse
                                          https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0%3d&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0%3D&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                            https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0=&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0=&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                              (No subject) (48).emlGet hashmaliciousUnknownBrowse
                                                (No subject) (45).emlGet hashmaliciousUnknownBrowse
                                                  (No subject) (44).emlGet hashmaliciousUnknownBrowse
                                                    (No subject) (33).emlGet hashmaliciousUnknownBrowse
                                                      (No subject) (29).emlGet hashmaliciousHTMLPhisherBrowse
                                                        (No subject) (24).emlGet hashmaliciousHTMLPhisherBrowse
                                                          (No subject) (9).emlGet hashmaliciousHTMLPhisherBrowse
                                                            104.47.65.28(No subject) (53).emlGet hashmaliciousUnknownBrowse
                                                              (No subject) (50).emlGet hashmaliciousUnknownBrowse
                                                                https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0%3d&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0%3D&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                                                  https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0=&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0=&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                                                    (No subject) (43).emlGet hashmaliciousUnknownBrowse
                                                                      (No subject) (39).emlGet hashmaliciousUnknownBrowse
                                                                        (No subject) (30).emlGet hashmaliciousHTMLPhisherBrowse
                                                                          (No subject) (29).emlGet hashmaliciousHTMLPhisherBrowse
                                                                            (No subject) (9).emlGet hashmaliciousHTMLPhisherBrowse
                                                                              20240607.emlGet hashmaliciousUnknownBrowse

                                                                                Domains

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                gcc02.safelinks.eop-tm2.outlook.com(No subject) (53).emlGet hashmaliciousUnknownBrowse
                                                                                • 104.47.65.28
                                                                                (No subject) (50).emlGet hashmaliciousUnknownBrowse
                                                                                • 104.47.65.28
                                                                                https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0%3d&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0%3D&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                                                                • 104.47.65.28
                                                                                https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0=&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0=&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                                                                • 104.47.64.28
                                                                                (No subject) (48).emlGet hashmaliciousUnknownBrowse
                                                                                • 104.47.64.28
                                                                                (No subject) (45).emlGet hashmaliciousUnknownBrowse
                                                                                • 104.47.64.28
                                                                                (No subject) (44).emlGet hashmaliciousUnknownBrowse
                                                                                • 104.47.64.28
                                                                                (No subject) (43).emlGet hashmaliciousUnknownBrowse
                                                                                • 104.47.65.28
                                                                                (No subject) (39).emlGet hashmaliciousUnknownBrowse
                                                                                • 104.47.65.28
                                                                                (No subject) (33).emlGet hashmaliciousUnknownBrowse
                                                                                • 104.47.64.28
                                                                                bg.microsoft.map.fastly.netMadisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                • 199.232.214.172
                                                                                https://email-10.moengage.com/v1/emailclick?q=J9hmu1r6QKZrUydA7M0LhmLQ5i7Dg0Nl6MHK33dlRRiHDGLaUmrV29w-y9KVmRzhTLgNQhsm45GxW8V8xKrQoKNDHjB7CRmg_1cweH.uPLe.3eHt_gc8HUYJyNafgEERmJL2LxAT8X7OcG6eGtfAfBO9PAxgYyMwORkMW2Shu_8EgxVomZ4n5YVrJ6BeKFaCmD6d2Q4-0na_EglsL0Brj6yR2v6QG0HeFNJCVHWIDqcMyqe_r88-cETjiVnbQ8n6AdsU8zQ3H7iztnEZXRzETHYdGTm5hvYgsr5Sg7bkrF81eht6fM_e-ibIZP2oMLvBT1zWn_xe_wasEim1gTvVJRTqev1AuuHjN-EARFMZfriSXRqAx2EgGZLcoc2EiPI4kOQISdubWyzK9Xtj10aCP_wAt6KxwJRnrrWNRvn3blBJWnngxtQFXjDGd_qwCgdLvQwPLy5R0skEjnG0HC7MA#V2xjMVEyVlhTWHBSYlhocVRVVktkbGRXWkRSak1XdDVUMVJHYVdKc1NURlVSekExWlZad00xQlVNRDA9Get hashmaliciousHTMLPhisherBrowse
                                                                                • 199.232.210.172
                                                                                signature.pdfGet hashmaliciousUnknownBrowse
                                                                                • 199.232.214.172
                                                                                17247721854992a239a10dc9d698a853fc08f17659bf477258150484d560d105950a258f8e379.dat-decoded.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                • 199.232.214.172
                                                                                https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3JnGet hashmaliciousUnknownBrowse
                                                                                • 199.232.214.172
                                                                                https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3JnGet hashmaliciousUnknownBrowse
                                                                                • 199.232.210.172
                                                                                https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFgXXvv2-2BWxavJhSFh1X9YeE09JxYfGZOrfNXpE1b1zMSec6V_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZNvtRLmuq9nwTUBLvlyUQLSTjA0dDcTtmNJHz5AQBzdlGtncKRz08-2BYDBtkpKhh0KX17i2fmd5it7ecx-2FWvhsbD-2BwYBTTPKQ3j-2FAyMvTur79Dsx-2FPO7GwMrKARE8VWDjAjvStKY75qeeBLXHuDipEV3KKO3k4ABqkQG2RlytfHIDieNQv9UnoJapwQuVaik0jLuTXarvnnfl3sa3LYFT4h4hVVagLZJwfqoXYBXcReN-2F1X4eM9FZF-2BvVOXIZ-2BqDy2Q-3DGet hashmaliciousHTMLPhisherBrowse
                                                                                • 199.232.210.172
                                                                                Gov Annual Salary + Employer - Provided Benefits.pdfGet hashmaliciousPhisherBrowse
                                                                                • 199.232.210.172
                                                                                http://www.empoweryourretirement.comGet hashmaliciousUnknownBrowse
                                                                                • 199.232.214.172
                                                                                http://o62arw.dsjpropertymanagementllc.comGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                • 199.232.210.172

                                                                                ASNs

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                MICROSOFT-CORP-MSN-AS-BLOCKUSMadisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.98.171.226
                                                                                https://12dec6c2-3c78-e425-b87e-b20197f5da10.powerappsportals.com/Get hashmaliciousUnknownBrowse
                                                                                • 20.119.128.8
                                                                                http://email.e.quickshipping.com/c/eJxszLFSxCAQgOGnId1lYHchWFDY5D042JOdXGJkg45v72ht-88_X03gYiw8cXILUIjBeze1RKEwBLTBu5CDj2gBGWPMD-I7P9wkCSyQjRCcRwKcq1uWSEzW40spdTFkef4YUjZtcp5yvM3lfZ-eqV3XqQZfDawG1jtv0ud8ZeUmfc8b99_PwPp13uQoz1FZDaydq3QulwHUPatmQ3a079vQP7an_-pngp8AAAD__zWIRVUGet hashmaliciousUnknownBrowse
                                                                                • 23.101.158.41
                                                                                http://esc-dot-wind-blade-416540.uk.r.appspot.comGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.98.179.50
                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                • 13.107.246.57
                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                • 52.123.240.23
                                                                                https://email-10.moengage.com/v1/emailclick?q=J9hmu1r6QKZrUydA7M0LhmLQ5i7Dg0Nl6MHK33dlRRiHDGLaUmrV29w-y9KVmRzhTLgNQhsm45GxW8V8xKrQoKNDHjB7CRmg_1cweH.uPLe.3eHt_gc8HUYJyNafgEERmJL2LxAT8X7OcG6eGtfAfBO9PAxgYyMwORkMW2Shu_8EgxVomZ4n5YVrJ6BeKFaCmD6d2Q4-0na_EglsL0Brj6yR2v6QG0HeFNJCVHWIDqcMyqe_r88-cETjiVnbQ8n6AdsU8zQ3H7iztnEZXRzETHYdGTm5hvYgsr5Sg7bkrF81eht6fM_e-ibIZP2oMLvBT1zWn_xe_wasEim1gTvVJRTqev1AuuHjN-EARFMZfriSXRqAx2EgGZLcoc2EiPI4kOQISdubWyzK9Xtj10aCP_wAt6KxwJRnrrWNRvn3blBJWnngxtQFXjDGd_qwCgdLvQwPLy5R0skEjnG0HC7MA#V2xjMVEyVlhTWHBSYlhocVRVVktkbGRXWkRSak1XdDVUMVJHYVdKc1NURlVSekExWlZad00xQlVNRDA9Get hashmaliciousHTMLPhisherBrowse
                                                                                • 13.107.246.57
                                                                                phish_alert_iocp_v1.4.48 (39).emlGet hashmaliciousTycoon2FABrowse
                                                                                • 52.113.194.132
                                                                                phish_alert_iocp_v1.4.48 (38).emlGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.109.76.240
                                                                                AG Uncorked IRMI Wine Mixer Invite.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                • 13.107.246.60
                                                                                MICROSOFT-CORP-MSN-AS-BLOCKUSMadisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.98.171.226
                                                                                https://12dec6c2-3c78-e425-b87e-b20197f5da10.powerappsportals.com/Get hashmaliciousUnknownBrowse
                                                                                • 20.119.128.8
                                                                                http://email.e.quickshipping.com/c/eJxszLFSxCAQgOGnId1lYHchWFDY5D042JOdXGJkg45v72ht-88_X03gYiw8cXILUIjBeze1RKEwBLTBu5CDj2gBGWPMD-I7P9wkCSyQjRCcRwKcq1uWSEzW40spdTFkef4YUjZtcp5yvM3lfZ-eqV3XqQZfDawG1jtv0ud8ZeUmfc8b99_PwPp13uQoz1FZDaydq3QulwHUPatmQ3a079vQP7an_-pngp8AAAD__zWIRVUGet hashmaliciousUnknownBrowse
                                                                                • 23.101.158.41
                                                                                http://esc-dot-wind-blade-416540.uk.r.appspot.comGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.98.179.50
                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                • 13.107.246.57
                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                • 52.123.240.23
                                                                                https://email-10.moengage.com/v1/emailclick?q=J9hmu1r6QKZrUydA7M0LhmLQ5i7Dg0Nl6MHK33dlRRiHDGLaUmrV29w-y9KVmRzhTLgNQhsm45GxW8V8xKrQoKNDHjB7CRmg_1cweH.uPLe.3eHt_gc8HUYJyNafgEERmJL2LxAT8X7OcG6eGtfAfBO9PAxgYyMwORkMW2Shu_8EgxVomZ4n5YVrJ6BeKFaCmD6d2Q4-0na_EglsL0Brj6yR2v6QG0HeFNJCVHWIDqcMyqe_r88-cETjiVnbQ8n6AdsU8zQ3H7iztnEZXRzETHYdGTm5hvYgsr5Sg7bkrF81eht6fM_e-ibIZP2oMLvBT1zWn_xe_wasEim1gTvVJRTqev1AuuHjN-EARFMZfriSXRqAx2EgGZLcoc2EiPI4kOQISdubWyzK9Xtj10aCP_wAt6KxwJRnrrWNRvn3blBJWnngxtQFXjDGd_qwCgdLvQwPLy5R0skEjnG0HC7MA#V2xjMVEyVlhTWHBSYlhocVRVVktkbGRXWkRSak1XdDVUMVJHYVdKc1NURlVSekExWlZad00xQlVNRDA9Get hashmaliciousHTMLPhisherBrowse
                                                                                • 13.107.246.57
                                                                                phish_alert_iocp_v1.4.48 (39).emlGet hashmaliciousTycoon2FABrowse
                                                                                • 52.113.194.132
                                                                                phish_alert_iocp_v1.4.48 (38).emlGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.109.76.240
                                                                                AG Uncorked IRMI Wine Mixer Invite.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                • 13.107.246.60

                                                                                JA3 Fingerprints

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                28a2c9bd18a11de089ef85a160da29e4doc1.exeGet hashmaliciousClipboard Hijacker, Snake KeyloggerBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                (No subject) (59).emlGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                http://email.e.quickshipping.com/c/eJxszLFSxCAQgOGnId1lYHchWFDY5D042JOdXGJkg45v72ht-88_X03gYiw8cXILUIjBeze1RKEwBLTBu5CDj2gBGWPMD-I7P9wkCSyQjRCcRwKcq1uWSEzW40spdTFkef4YUjZtcp5yvM3lfZ-eqV3XqQZfDawG1jtv0ud8ZeUmfc8b99_PwPp13uQoz1FZDaydq3QulwHUPatmQ3a079vQP7an_-pngp8AAAD__zWIRVUGet hashmaliciousUnknownBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                https://t.co/CFNobJuJq9Get hashmaliciousHTMLPhisherBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                http://esc-dot-wind-blade-416540.uk.r.appspot.comGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                Status Update ECKY2.htmlGet hashmaliciousUnknownBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                Electronic_Receipt_ATT0001.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                • 52.191.219.104
                                                                                • 20.190.159.73
                                                                                • 52.165.165.26
                                                                                6271f898ce5be7dd52b0fc260d0662b3Madisonwellsmedia546.pdfGet hashmaliciousUnknownBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                RFQ No. 109078906.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                Pago pendientes.xlsGet hashmaliciousHTMLPhisherBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                https://steamcommunityj.com/giftcarts/actlvation/feor38565Drgs18Get hashmaliciousUnknownBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                https://github.com/massgravel/Microsoft-Activation-ScriptsGet hashmaliciousUnknownBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                http://o62arw.dsjpropertymanagementllc.comGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                SecuriteInfo.com.Win32.Evo-gen.32510.30631.exeGet hashmaliciousGhostRat, Nitol, RamnitBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                Produccion.exeGet hashmaliciousGuLoaderBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                validacao_residencia_subsidio_mobilidade_porto_santo - renovacao.exeGet hashmaliciousGuLoaderBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146
                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                • 13.107.5.88
                                                                                • 51.124.78.146

                                                                                Dropped Files

                                                                                No context

                                                                                Created / dropped Files

                                                                                C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):231348
                                                                                Entropy (8bit):4.3941140015698075
                                                                                Encrypted:false
                                                                                SSDEEP:1536:OZYLCPgs/qajRNy1XgsPlNcAz79ysQqt2aFbdqoQX7rcm0FvZrzy3z/K6XmW0wlr:ZWgQrkgemiGu2uqoQLrt0Fvoz3oQCkmu
                                                                                MD5:3E5063CA4B277914FBAD787128827BC3
                                                                                SHA1:CA2A12C19B3FDDFFFAE0235C8D95F064FDA83DB7
                                                                                SHA-256:D9DF914497565DF8D076065D6CED2443E641940FA8519BCEF293DA84202BE6F8
                                                                                SHA-512:8DE2B1F06A8422B62D89CA6F0CE7A376370E53ED22FD9123043E67841725C117DD8C2FD10921DF4ED493CB0465023565145212F8C761A886BB02873BBDD96219
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview:TH02...... ....f........SM01X...,....0.f............IPM.Activity...........h...............h............H..h,.Z......h....h........@!..H..h\cal ...pDat...h....0.....Z....h.m.............h........_`Qk...hfj..@...I.lw...h....H...8.Vk...0....T...............d.........2h...............k........#k.K..!h.............. h..Z.......Z...#h....8.........$h@!......8....."h..k.......k...'h..............1h.m..<.........0h....4....Vk../h....h.....VkH..h....p...,.Z...-h ........Z...+h"l..... .Z................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                                                                C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:JSON data
                                                                                Category:dropped
                                                                                Size (bytes):521377
                                                                                Entropy (8bit):4.9084889265453135
                                                                                Encrypted:false
                                                                                SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                                                                                MD5:C37972CBD8748E2CA6DA205839B16444
                                                                                SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                                                                                SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                                                                                SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                                                                                Malicious:false
                                                                                Reputation:moderate, very likely benign file
                                                                                Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

                                                                                C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                                                                                Category:modified
                                                                                Size (bytes):773040
                                                                                Entropy (8bit):6.55939673749297
                                                                                Encrypted:false
                                                                                SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                                                                                MD5:4296A064B917926682E7EED650D4A745
                                                                                SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                                                                                SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                                                                                SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                                                                                Malicious:false
                                                                                Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..

                                                                                C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):322260
                                                                                Entropy (8bit):4.000299760592446
                                                                                Encrypted:false
                                                                                SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                                                MD5:CC90D669144261B198DEAD45AA266572
                                                                                SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                                                SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                                                SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                                                Malicious:false
                                                                                Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                                                                C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:ASCII text, with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):10
                                                                                Entropy (8bit):2.6464393446710157
                                                                                Encrypted:false
                                                                                SSDEEP:3:LBS9A:t6A
                                                                                MD5:4AEE6F6D4A2E1FC88FEF34FDE684E4AB
                                                                                SHA1:5C5378AC6E7F264885354F1E4F51900AE5588528
                                                                                SHA-256:66EACBAF37443C371B31027A79BA42DB9C999BB5E58FE33F2153D79A3DF5E91D
                                                                                SHA-512:71E93206388044B1B69C4239431E65BD85F7CDC05E9D0534C0DAE3DB49D390EDFA4C9AC39424EA8DA36389B0BD7028AF42581EE700CA860748EA38D11E4219AF
                                                                                Malicious:false
                                                                                Preview:1724782250

                                                                                C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\BABBC931-1DC9-47BC-8C59-C91C7338C844

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):176365
                                                                                Entropy (8bit):5.287475771821605
                                                                                Encrypted:false
                                                                                SSDEEP:1536:Ti2XfRAqcbH41gwEiLe7HW8bM/o/NMYcAZl1p5ihs7EXXmEAD2Odad:G4e7HW8bM/o/wXDku
                                                                                MD5:DC8EDF53DE39C3B7D4CC5437B87D2043
                                                                                SHA1:B20ACC0EAA1851B2EB132074D57B56DF9B7E9AE1
                                                                                SHA-256:D9162E649BDFDCEEAFEE945AA10AAE161F42660A8BF8BE5487E20450FD33A074
                                                                                SHA-512:6BC7C774D46CE7BBF7C3C46398A0D69B853EDEACF58F182F3A5561E3921200EFEE0E71C83CCC58D4B22CBDF93DD3BB961F8663D795127E1B63B7CE51B6EFB1E0
                                                                                Malicious:false
                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-27T18:10:48">.. Build: 16.0.18014.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                Category:dropped
                                                                                Size (bytes):4096
                                                                                Entropy (8bit):0.09304735440217722
                                                                                Encrypted:false
                                                                                SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
                                                                                MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                                                                                SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                                                                                SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                                                                                SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                                                                                Malicious:false
                                                                                Preview:SQLite format 3......@ ..........................................................................K.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:SQLite Rollback Journal
                                                                                Category:dropped
                                                                                Size (bytes):4616
                                                                                Entropy (8bit):0.1384465837476566
                                                                                Encrypted:false
                                                                                SSDEEP:3:7FEG2l+iklK/FllkpMRgSWbNFl/sl+ltlslN04l9Xll/n:7+/ldklSg9bNFlEs1E39X
                                                                                MD5:9DC0C26CC1846C9CD4F351381C2C5E08
                                                                                SHA1:4028914AF8CE69C894A9F267CED531F7E7B13003
                                                                                SHA-256:4C1DB62E456899757EA63BDAE33448E0C46C41222706A7443361C2660C0DBD6E
                                                                                SHA-512:A8BFE1AF60F67380D3DA4E8BDA58941BE2E6E53DCA4E697F392A4350A81AB7B50FCDDD6F11C604A47C8204F8242DD000FCE33895EDDD7CA09B4B439513EEE95C
                                                                                Malicious:false
                                                                                Preview:.... .c.......p.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):32768
                                                                                Entropy (8bit):0.0445382698033491
                                                                                Encrypted:false
                                                                                SSDEEP:3:G4l26pUT6ncil4l26pUT6ncXulL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2C66nV4l2C66ncqL9XXPH4l942U
                                                                                MD5:45436A7C229F78EF44F8D4697773B295
                                                                                SHA1:06E79680B7A864669BD6924C710E63608047A5A8
                                                                                SHA-256:B77E14AC6CBFD4F0F8C0194B22D81F464E71238D151CA233726D3242D9463EEC
                                                                                SHA-512:E3144D8A4A2A9612C07DA2FFB14EB67471E695B3728867FC703EAA74410B18241317ED124078F1B36E73995013160FFD20EF20DA1356A47C54233981AEFBEB2D
                                                                                Malicious:false
                                                                                Preview:..-......................]>...4;4Y...v....*.c...-......................]>...4;4Y...v....*.c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                Category:dropped
                                                                                Size (bytes):45352
                                                                                Entropy (8bit):0.3952351223691422
                                                                                Encrypted:false
                                                                                SSDEEP:24:K/QGN4bygj9s8QMIzRDv7ujqill7DBtDi4kZERDvds+j9lxqt8VtbDBtDi4kZERt:I78QjHill7DYMW6xO8VFDYMm
                                                                                MD5:25DD7BA5F1B7F6FC3430120CDEB050FF
                                                                                SHA1:D684C0CAE02A6DFB98234D4C07DF38B64338AD7F
                                                                                SHA-256:CFD7E0A245B9BE9A533DFA4FB2B494F1ECF0BA89E85454E680F473EC38402808
                                                                                SHA-512:07EAD69A6B37A2A25B17A3450D8348F389C5BF5162AA6ACE0E7AD90F6FB88DF698B7E590AD95D2C5642AC56700E3E7D7AFACB95AAF967111181008F117FF7780
                                                                                Malicious:false
                                                                                Preview:7....-..........4Y...v..\G.2"m........4Y...v.....K...SQLite format 3......@ ..........................................................................K.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{A16DBECF-BE96-46B0-90B5-19749B6A6F81}.tmp

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):3652
                                                                                Entropy (8bit):3.0260918729613797
                                                                                Encrypted:false
                                                                                SSDEEP:48:4L2V23Y+qhSQV8XnVX/lXI0Fnf6N/hLqMeXrddLVmFZKl:xV23Y+qzhEHtmF4l
                                                                                MD5:5BC635920DF89FB227DD6B27D56D0A37
                                                                                SHA1:7EE52883C7CC7FEC5FF1574D7B322BF4D95CF4A6
                                                                                SHA-256:20A6FE5A11AD5390EBA32B60796AB31F48EFA1DBBEA69FEECC45AFAD2169C940
                                                                                SHA-512:C80D04DE7F16875430A98FBCD8F24CD234D290FFC7A65F67C77A42144FCA30E2E0BFF29973163CCB854BBA2E94F9A40FFD1DBA85066AC1F61BE388B47255EA32
                                                                                Malicious:false
                                                                                Preview:......Y.o.u. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .m.m.o.r.r.i.s.@.b.r.a.d.y.l.a.w.g.r.o.u.p...n.e.t... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".....................................................................................................................................................................................................................................................................................................................................v...x...z............................................................................................................................................................................................................................................................................................................................................................................$.a$.*...$..$.If........!v..h.#v....:V.......t.....6......5.......4

                                                                                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\21E3E4E3-E841-4F98-9AD6-240B3CCFA172

                                                                                Download File
                                                                                Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):173125
                                                                                Entropy (8bit):5.290332571901453
                                                                                Encrypted:false
                                                                                SSDEEP:1536:Ki2XPRAqIbz41gwErLe7HW8bM/hMYcAZl1p5ihs7gXXpEIJROdYd:RHe7HW8bM/AXOZ0
                                                                                MD5:06A9EF36B3FC1FE2BD8C782F6B762436
                                                                                SHA1:ACB8CB867397F03BA767147ABBC7D30A3E3CF21A
                                                                                SHA-256:6FB0D429024FBDBA6C31DEBFA59060F0CDB8542A91871F99B77A9B6DFF7DC844
                                                                                SHA-512:57B1F8C2BEEBFDBDF71FC000550EE80CCF49CF595974F7C93BAF7F98BF14CB8CBC3B2B79DD87F03B3A306C2290B97355FA47764BF94A10D6D255C4E6564C16DE
                                                                                Malicious:false
                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-27T18:11:15">.. Build: 16.0.18014.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                                                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl

                                                                                Download File
                                                                                Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):65536
                                                                                Entropy (8bit):0.12542682779451034
                                                                                Encrypted:false
                                                                                SSDEEP:12:gfBPqF69Fq5TjJJlpK8CWuQ1UMCl2M+aqc2EfK8CxLP:gfB1QJLKfGSMClCaoEfKfxT
                                                                                MD5:01F60A9D3094EBA444EFCDA4D304503B
                                                                                SHA1:E3142A755BD8D23589969B3BB6BA5752AC936185
                                                                                SHA-256:A3A85E0E38D6C1AD745FAD4852AE39B49F2BAD624626301F40DEBA56C641B087
                                                                                SHA-512:58998DCA39452928D9A6C73543FF8C04607F26EC3ECBF24D40E05EE6D5F3F19D413CD117552336DB8C5BE098DB0CF38421F8C34312334BB512BAB42B5EFA0607
                                                                                Malicious:false
                                                                                Preview:............................................................................b.......h....98.....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`....Y...........7k.............H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g.g.e.r...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g...e.t.l.............P.P.....h...v.9.....................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl

                                                                                Download File
                                                                                Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):65536
                                                                                Entropy (8bit):0.11963042459094325
                                                                                Encrypted:false
                                                                                SSDEEP:12:9QPqF69Fq5TWlj8CeuQ1UMCl2M+aqc2EOCL:o1TfOSMClCaoEFL
                                                                                MD5:F010F52A062C78F9F43B21175514FB1B
                                                                                SHA1:1D4026445673098114BA1A8D379B01F6AE8372F1
                                                                                SHA-256:9E24DA494BFE4EBB7A4212BDD9D6496A4C76E33B8E7026647455BA358C3F71ED
                                                                                SHA-512:3E30E2E46D09D1C720261CAE9D3118098D49B8937BE152217BA6215E554C207E9561E9A6F12B32601F8B9617F5E825C2AD8B8A54250BEF2E2776DFAE2A2869C6
                                                                                Malicious:false
                                                                                Preview:............................................................................@............@......................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`....Y...........o..............H.x.M.A.l.w.a.y.s.O.n.L.o.g...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.m.A.l.w.a.y.s.O.n.L.o.g...e.t.l.......P.P........................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat

                                                                                Download File
                                                                                Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                Category:dropped
                                                                                Size (bytes):524288
                                                                                Entropy (8bit):2.558101501403555
                                                                                Encrypted:false
                                                                                SSDEEP:3072:AANVM/E7Tc6ftCg8vNsELwgBEjyOXt1UoLWwPAGn6x1QWAEFRbZqO/q7PEtbWglR:93sp6xLMJ4
                                                                                MD5:4E1844277B7B7F5541D532F6C015685A
                                                                                SHA1:E1367F52E51D3E8895F3BEC151DC9BCCE0B93EDD
                                                                                SHA-256:780BE10953AF17E4033C185C7BB73B52B4AD795BD077D2A5D0D5F5852C8A1783
                                                                                SHA-512:13FFF7B64AE36CB749A03205E25631A4F9BFA992E89FA64AC645A845652E5ABF9971694867302B271CB6393A1D4A91576125D103A1102AE0D9C44F2B06922550
                                                                                Malicious:false
                                                                                Preview:regf........b.Q.7.................. ....P......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtmF.:e................................................................................................................................................................................................................................................................................................................................................A...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1

                                                                                Download File
                                                                                Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                Category:dropped
                                                                                Size (bytes):286720
                                                                                Entropy (8bit):4.027125897071114
                                                                                Encrypted:false
                                                                                SSDEEP:3072:MANVM/E7Tc6ftCg8vNsELwgBEjyOXt1UoLWwPAGn6x1QWAEFRbZqO/q7PEtbWglR:h3sp6xLMJ4
                                                                                MD5:ABEDD346163C0A84539ECD68BD263B00
                                                                                SHA1:59F51737EE6236ED31DC855FCA31356A37C53E56
                                                                                SHA-256:86316BF44689C1AB199C1E2F2D9D81AE94DFC0EA6677214A2299FEABD88CCCA0
                                                                                SHA-512:F2B9CBC92591E04D83B86A8534297FDC7E5AFC03761B324B6370D6204045FDE09208B7ECF76136E2FAFF2D8F8C6FCEEC5F13157B328A9D2708526E6F7F7FA929
                                                                                Malicious:false
                                                                                Preview:regf........b.Q.7.................. ....P......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtmF.:e................................................................................................................................................................................................................................................................................................................................................F...HvLE.^...........P..........m.=O....O......P..hbin................b.Q.7..........nk,.T...7..................................x...............................Test....p...sk..h...h.......t.......H...X.............4.........?.......................?....................... ... ...............YQ..fr]%dc;.............nk .&.u.................................X7..h...............8...............ConfigSettings..p...sk..x...x...?...t.......H...X.............4.........?.......................

                                                                                C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1724782246862756900_EB5E8972-8103-4A3D-9AD4-27E1E4037E69.log

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:ASCII text, with very long lines (28728), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):20971520
                                                                                Entropy (8bit):0.22236063014122015
                                                                                Encrypted:false
                                                                                SSDEEP:1536:KNLGxEJdkpTZI3NY33fHOWWnVHEKxjqNjYpAJi17xTOzwpBfwaHIhXp0AoyBKiop:rEvgG3NkW5UQyXp0z9H0Ne
                                                                                MD5:3F1EBF4CF3DE057474611BDB3F057607
                                                                                SHA1:B6EDBCCCDA382441377DC34C43E5F33256A5A2EC
                                                                                SHA-256:9BF9B55FBFA6ADBD46D7206AB5CA8BEDBDEC86978E2C054C81B78AB60B325928
                                                                                SHA-512:E2EAD1121BC9ADBA21C5EDE36AEBF9F261C2AA44C640FEC2C4DF844ADF0A852FD37EAE8888B05E18B562BB2F18056AFE552EEE844344A4ECBF4F0BF0D331D722
                                                                                Malicious:false
                                                                                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..08/27/2024 18:10:46.905.OUTLOOK (0x1B88).0x1B8C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-08-27T18:10:46.905Z","Contract":"Office.System.Activity","Activity.CV":"cole6wOBPUqa1Cfh5AN+aQ.4.9","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...08/27/2024 18:10:46.921.OUTLOOK (0x1B88).0x1B8C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-08-27T18:10:46.921Z","Contract":"Office.System.Activity","Activity.CV":"cole6wOBPUqa1Cfh5AN+aQ.4.10","Activity.Duration":10741,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

                                                                                C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1724782246863640500_EB5E8972-8103-4A3D-9AD4-27E1E4037E69.log

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):20971520
                                                                                Entropy (8bit):0.0
                                                                                Encrypted:false
                                                                                SSDEEP:3::
                                                                                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                Malicious:false
                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1410460652-7048.etl

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):118784
                                                                                Entropy (8bit):4.532914819264668
                                                                                Encrypted:false
                                                                                SSDEEP:768:Kc2fW9UfXnU57JzbHbd46H79DeHOKdEf8IzjXBqYP5qNRBnWBWvW6WNtv6qV2Phu:H2GoQV46H79DeuKde8IzjXzqNRm2E
                                                                                MD5:AD914FF1A3B712844B9ABBB23314A038
                                                                                SHA1:0850BF5BEA63720365CDE641C4457B4D142F3780
                                                                                SHA-256:996E2DBCB630CEC8A0156A947F919148171F29DF4FA6061889E0FC760E5B5321
                                                                                SHA-512:326FC6421246C138D7AC83CCF508A6E875CBDAC60F71914FDDF8784419797B1A08406307A61671C4126FC0C7C2561A00EFE569F04626030669691099DE07F1FD
                                                                                Malicious:false
                                                                                Preview:............................................................................`.............p....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`....Y............p............v.2._.O.U.T.L.O.O.K.:.1.b.8.8.:.8.3.5.5.d.9.7.1.1.1.6.4.4.8.0.b.b.4.4.5.6.9.f.b.3.d.b.0.0.b.5.3...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.2.7.T.1.4.1.0.4.6.0.6.5.2.-.7.0.4.8...e.t.l.......P.P.........^'.p............................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1411210192-7696.etl

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):16384
                                                                                Entropy (8bit):3.56398802201613
                                                                                Encrypted:false
                                                                                SSDEEP:48:9PlNOCpTbcipT9pTjTNT/TEzTtTuiT43LbTmMTsXT8WjiT1iTrTINTjc/TFfTQyN:9ef2Lskyj4LcpxLG5G6emBkcL5okzx4
                                                                                MD5:C05EFFD1DB75E65BB03D2A791983193A
                                                                                SHA1:BC49D872EA0C5E2747E009A0E112586D16E29F98
                                                                                SHA-256:859D3D5E41167474155A249DA05B2F8CC388DB0DBB797D4521EF2C2C75849DE1
                                                                                SHA-512:2FFCD6AB7DABB3FAEFD77244AA2CC34AF360B26BCA8EAA348CEDB75ABE6F3A8D3830DA959C7BA38E32D8AFE0B4AD692601B6C1FCA1DABCA533F36D3A7AC9475D
                                                                                Malicious:false
                                                                                Preview:............................................................................`...................................eJ........'.....Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`....Y..........................v.2._.O.U.T.L.O.O.K.:.1.e.1.0.:.7.e.d.9.4.2.7.9.8.b.3.0.4.7.8.2.8.1.0.8.7.2.f.d.6.2.0.9.f.a.8.7...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.2.7.T.1.4.1.1.2.1.0.1.9.2.-.7.6.9.6...e.t.l.......P.P.........................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):538831
                                                                                Entropy (8bit):5.985098432886038
                                                                                Encrypted:false
                                                                                SSDEEP:6144:os2TC+RagPRRnUq8EZlg6iRB8bXj2fAaR/j9T8Qz9nuWoJG:UTlagPRoEZlglRmTK4s9T8QMWkG
                                                                                MD5:78BDC5BE3F5A1F39A6AE33903C3E4A31
                                                                                SHA1:5587984FA6AAB9E9C7A5E81D48AB8EF6441540F1
                                                                                SHA-256:350D5253A90C90F812EE5F223EA66431F31545557CF788493DE75E687AD47767
                                                                                SHA-512:38A82EE1E5B787DD4273C10928CAD6EFA6098AE96901EC57ED34028702E79C80B6C1F113C00EBA8AB3430A2698FEA3ECFF0C8AE6028752C949DFFAA10082FB11
                                                                                Malicious:false
                                                                                Preview:RNWPREP...A..<.l.........8........{.C.$5..?0.he........4.....h.@...P.Q.....uY|t8.......$S.,..`......L`.....$S...`VY.....L`.....M.Rb.................c.@........... ....Qb........hw..`.....D..1.`.....D....`.....D..Qb........ki..`......Qb".@.....vc..`.....D..Qb2......en..`\.....Qb6.T)....ao..`<.....Qb:.?.....Cf..`.....D..QbZ@14....Ye..`2.....QbZ.T+....ts..`.....D..Qbj.."....pc..`.....D..Qbz@lR....eT..`.....D..Qb........Pa..`^....D..Qb.@2.....yy..`.....D..Qb........kT..`<.....Qb...}....mw..`.....D..Qb..1.....ff..`......Qb.@.#....Gb..`.....D..Qb........pf..`......D..Qb.@G.....$I..`.....D..Qb........Kl..`......Qb..l.....uy..`.....D..Qb.A.`....oo..`......Qb........vv..`L.....Qb.Aq.....J_..`......Qb..#.....ld..` ....D..Qb"A......ua..`N....D..Qb.A.....US..`(....D..Qb:.EE....qb..`......Qb>Ae.....ju..`......Qb>.......Ka..`h....D..QbZ.hn....gb..`......Qb^.......Di..`<.....Qb^A......Cy..`6....D..Qbr.}.....Bn..`.....D..Qb..TZ....xf..`......Qb.A.;....Vr..`......Qb.AL.....CC..`......Qb.A?a....ov.

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):30
                                                                                Entropy (8bit):1.2389205950315936
                                                                                Encrypted:false
                                                                                SSDEEP:3:14Jlt:qr
                                                                                MD5:FEE3DA55184CC030B2A8386F0C7673DC
                                                                                SHA1:7BDDF7CDC20B3F0C839CF432993439A8E40BB374
                                                                                SHA-256:7ECF73A5285BC76E8AC8BDCC0021A82E3B43B279C58B84D990E1C51089E7C7FE
                                                                                SHA-512:8B1FA4F0B8448C34E8B787B728CC0BA45D3F6201B208BA988FC148E4754DBBBBA6F5B12C8AE9FB61031073FBC701E38FA9E65DC1129333F3297BECF8BA343EEB
                                                                                Malicious:false
                                                                                Preview:..............................

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                Category:dropped
                                                                                Size (bytes):16384
                                                                                Entropy (8bit):0.6705857930504567
                                                                                Encrypted:false
                                                                                SSDEEP:12:rl3baFtsqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCIruYm:rcmnq1Py961R
                                                                                MD5:809EAE92C1EDD7FD2032DDB1F0A8D473
                                                                                SHA1:0C56123BE952B1E3F06AB52FACD185FE54853A44
                                                                                SHA-256:13C66B6FC1B9104B70FA7171ABE6D81FAEA7AF83B7949750ACE012960C735FD1
                                                                                SHA-512:07C5600A6CE891ABAAEA3CBCA3356563CA09A160D58211D84835CCDE128B682B977114BADCCF452E26BEABE5759ABCA3F21809C2BEA5434FA38C721AE7EBA30E
                                                                                Malicious:false
                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):14
                                                                                Entropy (8bit):2.699513850319966
                                                                                Encrypted:false
                                                                                SSDEEP:3:QGiWlG:QGbY
                                                                                MD5:C5A12EA2F9C2D2A79155C1BC161C350C
                                                                                SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
                                                                                SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
                                                                                SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
                                                                                Malicious:false
                                                                                Preview:..c.a.l.i.....

                                                                                C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0809.lex

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):2
                                                                                Entropy (8bit):1.0
                                                                                Encrypted:false
                                                                                SSDEEP:3:Qn:Qn
                                                                                MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                Malicious:false
                                                                                Preview:..

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:11:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2673
                                                                                Entropy (8bit):3.989937957156866
                                                                                Encrypted:false
                                                                                SSDEEP:48:8D0dST+KiHlidAKZdA1FehwiZUklqehKlxy+3:8DBjkrxy
                                                                                MD5:55A2BABD569B3B8E48A891CF9DC6F7AA
                                                                                SHA1:8BBAD1E384AEF7D44882B917AF81F32B08AD6130
                                                                                SHA-256:795967AB28723B2656B42C3FCC99608302AEA74929AA0F7B281FB3F99BC31D1F
                                                                                SHA-512:C76410B967ACD8A56ECD383A61E42FCE5FEC87D8A5DC12ED67680469111A1D2A4660A84116FC9949CC9C8DED6423DD956A06CD317566EFF678322C7E36BA9E74
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,....T..~....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yd.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yd.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yd............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:11:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2675
                                                                                Entropy (8bit):4.00710819145339
                                                                                Encrypted:false
                                                                                SSDEEP:48:80dST+KiHlidAKZdA1seh/iZUkAQkqehZlxy+2:8Bja9Q4xy
                                                                                MD5:7304CF211FB8E182CF8864905EBC902F
                                                                                SHA1:B760EAEA359FC7D7FF17278AF9DAD846A2A91F9E
                                                                                SHA-256:B93A6626047A6181AC4CD2811567D41577A3C67019D0F0B93165C10202C337F8
                                                                                SHA-512:DEC99868D828CBEF3241FE9D0F048E9D0A152F9D661E5A6D29DDA8D2A6C029788D960DCFC58EB9167044695386A0CDBA1D06129ECA7D192EE63DE8D2AFA73438
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,.......~....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yd.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yd.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yd............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2689
                                                                                Entropy (8bit):4.011462732274229
                                                                                Encrypted:false
                                                                                SSDEEP:48:8NdST+KAHlidAKZdA14meh7sFiZUkmgqeh7sPlxy+BX:8SjEnfxy
                                                                                MD5:934F69AA8E765E37E16E69B84D14DE57
                                                                                SHA1:4893E449E26B9DF994D9A74C99E7017BED5B7E7E
                                                                                SHA-256:23F909384D04809F6053368EAFF453C09FD9FAE2B0399DD24815631EDA1E4150
                                                                                SHA-512:5B2490A8A5DC6B1352AA1CBA494E9BA615335647C9FB447E706484F136F2822C6D95E80C6553F76E6BACD2D005516F9B6B4683FED64B61CF4E09E44376CD0692
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yd.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yd.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yd............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:11:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2677
                                                                                Entropy (8bit):4.0027902090179355
                                                                                Encrypted:false
                                                                                SSDEEP:48:81KdST+KiHlidAKZdA1TehDiZUkwqehNlxy+R:81zjRVxy
                                                                                MD5:A23AA38F48961AFEAD6CD727D6825008
                                                                                SHA1:166530756A4FD12B4C3F6B605B4F539D6DEEDD13
                                                                                SHA-256:E52468F6DA255C9F9A5117363A918524296DA04108788116AE5020884D36F859
                                                                                SHA-512:57D5C99C48497546024AD93B82489C3E05CF58F928F0F28E8FBE7DDE85BC190A7434BB9DB97E9225047E7A3851A758DB8795FD04770F8D2E08775AA947892E93
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,....=..~....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yd.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yd.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yd............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:11:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2677
                                                                                Entropy (8bit):3.991729368398351
                                                                                Encrypted:false
                                                                                SSDEEP:48:8OKdST+KiHlidAKZdA1dehBiZUk1W1qehblxy+C:8AjR9hxy
                                                                                MD5:E37CA818E71C692CDAD3B9C49C7B9B3F
                                                                                SHA1:3C4FEBFA20A30534A8A0A3A34CE3FDD1775DAF78
                                                                                SHA-256:41660CA9A69A4E504D1E408F40BFD2796B56DFD57DCF39D1CFAB369B1848073F
                                                                                SHA-512:D8A3F67CA63A3865CD0D5377A857C1C3BD7BD42530B962986AFE41CEE5106E31ABED2157D72E86675622EF1F004C56B18852DD0E62B9FEBAB0E42F9C8F7EE8A7
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,....'..~....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yd.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yd.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yd............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:11:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2679
                                                                                Entropy (8bit):4.001287576628793
                                                                                Encrypted:false
                                                                                SSDEEP:48:8ZdST+KiHlidAKZdA1duTeehOuTbbiZUk5OjqehOuTbFlxy+yT+:8mj5TfTbxWOvTbfxy7T
                                                                                MD5:0FEFAE6B324D39E53A69C866828A1B4A
                                                                                SHA1:CE36FDDC39781F11D37FAA2B383FD6516AF82520
                                                                                SHA-256:3876F3F2AB40F64AF464339D6F799B54F333B282395D041118F6F74DCCAD2375
                                                                                SHA-512:9A81E16858E6F825B6840C8B5AEBDC9B3E1DC02C1E5204EDCC1EEC4DEC3D1B34598E93382AB0970EF706E10D18B0E206B65C2E985DF5634A5052F49A6981D9DA
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,......~....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yd.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yd.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yd............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:Microsoft Outlook email folder (>=2003)
                                                                                Category:dropped
                                                                                Size (bytes):271360
                                                                                Entropy (8bit):3.013024930129262
                                                                                Encrypted:false
                                                                                SSDEEP:6144:O0CEkNCEkrCEkaCEk/CEkvCEkzCEk9uwGc+:dCEkNCEkrCEkaCEk/CEkvCEkzCEkz
                                                                                MD5:45199553543EAA8B5F88808F6DD497AD
                                                                                SHA1:ECB54418E452DA30A499D0A13B0E12D7BA8E71AC
                                                                                SHA-256:5F341BE9A49BF6EBCA534616EEC0BB27CF4E4D85710483158092C8F744168247
                                                                                SHA-512:CF6E3BB43DD03A8D5E94056F66445E954581A3FE35C6990DC39E0B5069ADCA9729DD6117A1796F0DCF58B93C84CE99AF9184A94DDD1A8343758B6FF73AE6085C
                                                                                Malicious:false
                                                                                Preview:!BDN.i.SM......\...............;.......c................@...........@...@...................................@...........................................................................$.......D.......k..............:...............7...........................................................................................................................................................................................................................................................................................,........Y..}o.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                                                Download File
                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):131072
                                                                                Entropy (8bit):3.656386558790123
                                                                                Encrypted:false
                                                                                SSDEEP:1536:jW53jEpEHP4qQ10PAwr1cDO8EKPGxCEkHdu/bycW53jEpEHP4qQ10PAwrW6XiTFu:Vp9CLCEk9uzy+p9tEt
                                                                                MD5:ABE30E5E854B0AD865DD3CC316E69E6C
                                                                                SHA1:198724641BB7B013975EFB4CCB131CAF3E9B8F68
                                                                                SHA-256:384B7DA75F36E672B2519FAC959BFD30EC82316270F00CD51F15B2592D0C1038
                                                                                SHA-512:44AEA238571C19F1857E47C2B7DF0B4F94F93A145596A5D03036DB9D45B4A18E413EA101409BCF9A59BE0C1867A18F3323422D2FB9119F5C7E0A065042D86F1C
                                                                                Malicious:false
                                                                                Preview:..;.C...c............n\p......................#.!BDN.i.SM......\...............;.......c................@...........@...@...................................@...........................................................................$.......D.......k..............:...............7...........................................................................................................................................................................................................................................................................................,........Y..}o..n\p.........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                Chrome Cache Entry: 81

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1588
                                                                                Entropy (8bit):5.174121809218917
                                                                                Encrypted:false
                                                                                SSDEEP:48:9pZigAOvzbYdvG2AumPBqykF1KdpwGFKcjeA5mkxofP:piFVmPBq/OI9GGP
                                                                                MD5:3AF1FDB9A3F664A6683D212F4787733A
                                                                                SHA1:59063D49B723A1988236C8D39C2804C6EBC5FF95
                                                                                SHA-256:A9CE4840FF0D613B456081DEA64E46EB717A1F8BFA5AFB05D3BD058F294E416C
                                                                                SHA-512:F8872E0C875BE6037C14480630E461FC1ADFA2049DB03BAE5D8CB6B320A2C084D4B266AEB02E24009B4BA84821E216690CA875B165164447FE8329B48C9E261F
                                                                                Malicious:false
                                                                                Preview:window.onload = function OnLoadHandler(){...if (window.history.length <= 1) {....document.getElementById("close").style.display = "none";...}..}....var theme = null;..try {.. (function (URLSearchParams, str) {.. if (!new URLSearchParams(window.location.search).get(str)){....throw URLSearchParams;...}....var urlParams = new URLSearchParams(window.location.search);....if (urlParams.has(str)){.....theme = String(urlParams.get(str));....}.. }(URLSearchParams, "theme"));..} catch(URLSearchParams){...var params = {}...var parts = window.location.search.substring(1).split('&');...for (var i = 0; i < parts.length; i++) {....var val = parts[i].split('=');....if (!val[0]) continue;....params[val[0]] = val[1] || true;...}...theme = params["theme"];...}....// Load theme specific css..if (theme === "dark"){...AddCSS("Safelinksv2-dark.css");..}..else if (theme === "contrast"){...AddCSS("Safelinksv2-highcontrast.css")..}....// Add CSS based on theme..function AddCSS(fileName){... var ss = docume

                                                                                Chrome Cache Entry: 82

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):3932
                                                                                Entropy (8bit):5.202197618496175
                                                                                Encrypted:false
                                                                                SSDEEP:96:W1nWD5QBnuxm32TPv1YyZvtcpcJcLCmzYzMz4ChX5xQFMXpSgfsHjrAwn:MmmqvWCiLfxpSgfsHjrAwn
                                                                                MD5:BBAD95C4A0BE4E5775B7D5B409FBF602
                                                                                SHA1:FAD598750B15C207DFEF6E1FEA3C072BAEAC2B66
                                                                                SHA-256:41F78D15AE18C36B84C819D9AF3511C342C180F0ABA8F91DC1CCF4046B56B308
                                                                                SHA-512:4006994F240E4DAB7134F1B716E51E4FFC0DD495EAF3269165FB0C27D89B2F19063AF17086553B39507199D62DBCD8BA6F07F34770BCAF15C40CF5EF06419631
                                                                                Malicious:false
                                                                                URL:https://gcc02.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css
                                                                                Preview:@charset "UTF-8";../* CSS Document */....body{...margin:0px;...padding:0px;..}....div{.. text-align:left;..}....#recommendation_container{...width:100%;..}....#icon img {...margin-left: 40px;...margin-top: 45px;..}....#url {height: 32px;..background-color: #f4f4f4;..margin-left: 40px;..margin-right: 40px;..margin-bottom: 20px;..margin-top: 0px;..font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..display: inline-block;..}....#url p {...margin:4px 12px;..}......#close {height: 32px;..background-color: #0078d7;..margin-left: 40px;..margin-right:40px;..margin-top:20px;..padding: 4px 12px 8px 12px;..font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..width: auto;..display: inline-block;..color: #fff;..border: 0;...font-size:100%;..}....#text {...margin-left:40px;...margin-right: 40px;...margin-top: 0px;...font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..}....#tips {...margin-left:

                                                                                Chrome Cache Entry: 83

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):1588
                                                                                Entropy (8bit):5.174121809218917
                                                                                Encrypted:false
                                                                                SSDEEP:48:9pZigAOvzbYdvG2AumPBqykF1KdpwGFKcjeA5mkxofP:piFVmPBq/OI9GGP
                                                                                MD5:3AF1FDB9A3F664A6683D212F4787733A
                                                                                SHA1:59063D49B723A1988236C8D39C2804C6EBC5FF95
                                                                                SHA-256:A9CE4840FF0D613B456081DEA64E46EB717A1F8BFA5AFB05D3BD058F294E416C
                                                                                SHA-512:F8872E0C875BE6037C14480630E461FC1ADFA2049DB03BAE5D8CB6B320A2C084D4B266AEB02E24009B4BA84821E216690CA875B165164447FE8329B48C9E261F
                                                                                Malicious:false
                                                                                URL:https://gcc02.safelinks.protection.outlook.com/Content/Scripts/site.js
                                                                                Preview:window.onload = function OnLoadHandler(){...if (window.history.length <= 1) {....document.getElementById("close").style.display = "none";...}..}....var theme = null;..try {.. (function (URLSearchParams, str) {.. if (!new URLSearchParams(window.location.search).get(str)){....throw URLSearchParams;...}....var urlParams = new URLSearchParams(window.location.search);....if (urlParams.has(str)){.....theme = String(urlParams.get(str));....}.. }(URLSearchParams, "theme"));..} catch(URLSearchParams){...var params = {}...var parts = window.location.search.substring(1).split('&');...for (var i = 0; i < parts.length; i++) {....var val = parts[i].split('=');....if (!val[0]) continue;....params[val[0]] = val[1] || true;...}...theme = params["theme"];...}....// Load theme specific css..if (theme === "dark"){...AddCSS("Safelinksv2-dark.css");..}..else if (theme === "contrast"){...AddCSS("Safelinksv2-highcontrast.css")..}....// Add CSS based on theme..function AddCSS(fileName){... var ss = docume

                                                                                Chrome Cache Entry: 84

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 186 x 200, 8-bit/color RGBA, non-interlaced
                                                                                Category:dropped
                                                                                Size (bytes):25664
                                                                                Entropy (8bit):4.972505404550475
                                                                                Encrypted:false
                                                                                SSDEEP:384:OXE05KiOBf35OPGJulcJBzzdtKUmpZKfWve:E35Ki7PGJNJBZOpZKeve
                                                                                MD5:FF4FEDB556605288FEC259EE6B8D5981
                                                                                SHA1:BBC525AB65E54999044F14FF8F31CF25EEDB7754
                                                                                SHA-256:2809B6F62DC341D238F02C33C7347A7BA714F10B6F075BDD39A1CD7C68CE9807
                                                                                SHA-512:9EAE6F8D1822A1EF91B909B0D6A8826BFB323BD34FA76FBF0A2DCA99B5F580BA09173ECD2068F393979EBAE248BF5FF1FC592C5D43D5EEB33E0EC6DDE93E8349
                                                                                Malicious:false
                                                                                Preview:.PNG........IHDR............._..;....pHYs...%...%.IR$....OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                Chrome Cache Entry: 85

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:HTML document, ASCII text, with very long lines (2878), with CRLF line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):5023
                                                                                Entropy (8bit):5.879328974643291
                                                                                Encrypted:false
                                                                                SSDEEP:96:qE6+QqdSTnWzVDEdwOgPA3/My+oXUq7aze2snVX0n1Z5HePJY+tSx0:V6XiSyzWRd+oEq71nVceJjtH
                                                                                MD5:6B9B5D16BBBAD8EB1FA065E2F9381253
                                                                                SHA1:8853B9ABF51EFF5772D63D99CB36212543A970E6
                                                                                SHA-256:2A9010338C6C97C8FA47257CC7353B5DA1B3AD4B0493A93E239E7DD18E18C345
                                                                                SHA-512:627C1CA7FFF00EC3B01733F55978C14B44E065D994C5DA6D6750ED9BC9CAFFF279E1185DC74B585D04B686935995716752BD87FE4D94B38E01F2ED2E4157108C
                                                                                Malicious:false
                                                                                URL:https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0
                                                                                Preview:<!doctype html>..<html>..<head>.. <meta charset="UTF-8">.. <title>Microsoft Defender for Office 365</title>.. <meta name="referrer" content="same-origin" />.. <meta name="robots" content="noindex,nofollow" />.. <link rel="icon" href="data:,">.... <base href="https://gcc02.safelinks.protection.outlook.com">.... <link href="/Content/Scripts/safelinksv2.css" rel="stylesheet" />.. <script src="/Content/Scripts/site.js" type="text/javascript"></script>..</head>..<body>.. <div id="header_container_blocked">.. <div id="header">.. <div id="icon"><img src="/Content/images/cross.png" alt="" height="100" width="94"></div>.. <h1>.. This website is classified as malicious... </h1>.. </div>.. </div>.. <div id="recommendation_container">.. <div id="recommendation">.. <h2>Opening this website might not be safe.</h2>.. <div id="url">.. <p>.. <

                                                                                Chrome Cache Entry: 86

                                                                                Download File
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 186 x 200, 8-bit/color RGBA, non-interlaced
                                                                                Category:downloaded
                                                                                Size (bytes):25664
                                                                                Entropy (8bit):4.972505404550475
                                                                                Encrypted:false
                                                                                SSDEEP:384:OXE05KiOBf35OPGJulcJBzzdtKUmpZKfWve:E35Ki7PGJNJBZOpZKeve
                                                                                MD5:FF4FEDB556605288FEC259EE6B8D5981
                                                                                SHA1:BBC525AB65E54999044F14FF8F31CF25EEDB7754
                                                                                SHA-256:2809B6F62DC341D238F02C33C7347A7BA714F10B6F075BDD39A1CD7C68CE9807
                                                                                SHA-512:9EAE6F8D1822A1EF91B909B0D6A8826BFB323BD34FA76FBF0A2DCA99B5F580BA09173ECD2068F393979EBAE248BF5FF1FC592C5D43D5EEB33E0EC6DDE93E8349
                                                                                Malicious:false
                                                                                URL:https://gcc02.safelinks.protection.outlook.com/Content/images/cross.png
                                                                                Preview:.PNG........IHDR............._..;....pHYs...%...%.IR$....OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                Static File Info

                                                                                General

                                                                                File type:RFC 822 mail, ASCII text, with CRLF line terminators
                                                                                Entropy (8bit):5.549684474137199
                                                                                TrID:
                                                                                • E-Mail message (Var. 5) (54515/1) 100.00%
                                                                                File name:(No subject) (60).eml
                                                                                File size:30'482 bytes
                                                                                MD5:18177185c529816c40f29602654b350b
                                                                                SHA1:e117e656b542113495653ee94d32768eb253839a
                                                                                SHA256:5193d407543ce327b203d8f51eb64ea7cc3ff95327837617526d11c2cd42ec8f
                                                                                SHA512:d97888e9bcef5a8294c0e47d3ed7866b58fc47d07c104d65a2672c772559b645c533b05279bed8a8f52cedcad8822e8630b6e50eafa2d93858ad0d304be4f777
                                                                                SSDEEP:384:K25k0o0u08AlP+4+OjI9kSz61To/2KUYQOae9QjhBgMqaEneNeZ:TF+Jz61To/2KjvMq5neNeZ
                                                                                TLSH:5BD22743F3C019518EAB1A2061437BBE7F7948DA9F32497460AB7B3E1B4DCD396C5289
                                                                                File Content Preview:Received: from SJ0PR09MB9159.namprd09.prod.outlook.com (2603:10b6:a03:462::5).. by BY3PR09MB7314.namprd09.prod.outlook.com with HTTPS; Thu, 22 Aug 2024.. 20:29:13 +0000..Received: from CYXPR09CA0015.namprd09.prod.outlook.com (2603:10b6:930:d4::10).. by SJ

                                                                                Static Mail

                                                                                General

                                                                                Subject:Review changes on Agreement - 8/22/2024
                                                                                From:AF RCE LM114 <mmorris@bradylawgroup.net>
                                                                                To:rpiotrowski <rpiotrowski@santaclaraca.gov>
                                                                                Cc:
                                                                                BCC:
                                                                                Date:Thu, 22 Aug 2024 20:29:08 +0000
                                                                                Communications:
                                                                                • You don't often get email from mmorris@bradylawgroup.net. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> [X] You received a document to review and sign. REVIEW DOCUMENT <http://6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com/> rpiotrowski@santaclaraca.gov Hope all is well with you! Please see the enclosed forms and applications for you to complete using our Docusign tool. if you notice anything incorrect that you are unable to edit, please send me an email or give me a call and i will be happy to do so. Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others. Alternate Signing Method Visit DocuSign.com, click 'Access Documents', and enter the security code: 008698F3JII4UMAPS30A9E1234 About DocuSign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction Management. Questions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. If you are having trouble signing the document, please visit the Help with Signing page on our Support Center . [https://inboxflows.com/_/image/https%253A%252F%252Feu.docusign.net%252FMember%252FImages%252Femail%252Ficon-DownloadApp-18x18%25402x.png/?inbox_flows_img_sig=eyJwYXRoIjoiaHR0cHMlM0ElMkYlMkZldS5kb2N1c2lnbiJ9:1kXNlL:TM5Sk1duaTABV3Oy8RBBOQBjbLjbayGs8PiOwBuHlpA] Download the DocuSign App This message was sent to you by Sarah Joans who is using the DocuSign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.
                                                                                Attachments:

                                                                                  Headers

                                                                                  Key Value
                                                                                  Receivedfrom a10-132.smtp-out.amazonses.com (54.240.10.132) by DS1PEPF00017E09.mail.protection.outlook.com (10.167.18.166) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7897.11 via Frontend Transport; Thu, 22 Aug 2024 20:29:08 +0000
                                                                                  Authentication-Resultsspf=pass (sender IP is 54.240.10.132) smtp.mailfrom=amazonses.com; dkim=pass (signature was verified) header.d=bradylawgroup.net;dmarc=pass action=none header.from=bradylawgroup.net;compauth=pass reason=100
                                                                                  Received-SPFPass (protection.outlook.com: domain of amazonses.com designates 54.240.10.132 as permitted sender) receiver=protection.outlook.com; client-ip=54.240.10.132; helo=a10-132.smtp-out.amazonses.com; pr=C
                                                                                  DKIM-Signaturev=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1724358548; h=From:Subject:To:Content-Type:MIME-Version:Date:Message-ID:Feedback-ID; bh=Udt4y36lm/H3j4WgC9zxY5nZSYFI/HmLr5sBAZaeNzg=; b=p8ZEddHiReJiVcQh+Y4gYwgLdA6hly/AYwGxTTvw2luqmrnw9GxwoEMyW47A07Id NZMsKOYjqi+rCJAjDghlLDUgqD2T1fTyYPq+M88Hz+JXDirDMzm6wDGZHzYPiMUO+H4 JJY3/Hnj7HW6HoHrBSuCzThwDVG0jjBOuhi2VBgU=
                                                                                  FromAF RCE LM114 <mmorris@bradylawgroup.net>
                                                                                  SubjectReview changes on Agreement - 8/22/2024
                                                                                  Torpiotrowski <rpiotrowski@santaclaraca.gov>
                                                                                  Content-Typemultipart/alternative; boundary="yeK6xHc44PuS4MwQCSZ=_C6RoalgOEevps"
                                                                                  Organizationlwatson@geoscapesolar.com
                                                                                  DateThu, 22 Aug 2024 20:29:08 +0000
                                                                                  Message-ID<010001917bc75a8f-2f993708-61e8-400d-bafd-4b70502e1347-000000@email.amazonses.com>
                                                                                  Feedback-ID::1.us-east-1.AdUt9BEnfbW1C0qBUQPvTMADhmWP+cOw7s8sbfr6GSs=:AmazonSES
                                                                                  X-SES-Outgoing2024.08.22-54.240.10.132
                                                                                  Return-Path 010001917bc75a8f-2f993708-61e8-400d-bafd-4b70502e1347-000000@amazonses.com
                                                                                  X-MS-Exchange-Organization-ExpirationStartTime22 Aug 2024 20:29:08.8517 (UTC)
                                                                                  X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                                                                                  X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                                                                                  X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                                                                                  X-MS-Exchange-Organization-Network-Message-Id 0ffe270a-4ac8-4456-fa6f-08dcc2e91367
                                                                                  X-EOPAttributedMessage0
                                                                                  X-EOPTenantAttributedMessage28ea3548-1069-4e81-aa0b-6e4b3271a5cb:0
                                                                                  X-MS-Exchange-Organization-MessageDirectionalityIncoming
                                                                                  X-MS-PublicTrafficTypeEmail
                                                                                  X-MS-TrafficTypeDiagnostic DS1PEPF00017E09:EE_|SJ0PR09MB9159:EE_|BY3PR09MB7314:EE_
                                                                                  X-MS-Exchange-Organization-AuthSource DS1PEPF00017E09.namprd09.prod.outlook.com
                                                                                  X-MS-Exchange-Organization-AuthAsAnonymous
                                                                                  X-MS-Office365-Filtering-Correlation-Id0ffe270a-4ac8-4456-fa6f-08dcc2e91367
                                                                                  X-MS-Exchange-AtpMessagePropertiesSA|SL
                                                                                  X-MS-Exchange-Organization-SCL1
                                                                                  X-Microsoft-AntispamBCL:0;ARA:13230040|32142699015|69100299015|5073199012;
                                                                                  X-Forefront-Antispam-Report CIP:54.240.10.132;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:a10-132.smtp-out.amazonses.com;PTR:a10-132.smtp-out.amazonses.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(32142699015)(69100299015)(5073199012);DIR:INB;SFTY:9.25;
                                                                                  X-MS-Exchange-CrossTenant-OriginalArrivalTime22 Aug 2024 20:29:08.7580 (UTC)
                                                                                  X-MS-Exchange-CrossTenant-Network-Message-Id0ffe270a-4ac8-4456-fa6f-08dcc2e91367
                                                                                  X-MS-Exchange-CrossTenant-Id28ea3548-1069-4e81-aa0b-6e4b3271a5cb
                                                                                  X-MS-Exchange-CrossTenant-AuthSource DS1PEPF00017E09.namprd09.prod.outlook.com
                                                                                  X-MS-Exchange-CrossTenant-AuthAsAnonymous
                                                                                  X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
                                                                                  X-MS-Exchange-Transport-CrossTenantHeadersStampedSJ0PR09MB9159
                                                                                  X-MS-Exchange-Transport-EndToEndLatency00:00:05.2068756
                                                                                  X-MS-Exchange-Processed-By-BccFoldering15.20.7875.019
                                                                                  X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                                                                                  X-Microsoft-Antispam-Message-Info OKDYxyIePC8qA+gWWvgLCnDl5PJ3p40mlKQ2UxvejdZjG4Gzpz/+hM+GMmF9EzG2bA3RsjOBHXibXkD8QwBWGb9lsbBC1VLXAELoJvVYaEmZCzwbNLTQr1LTtCr58MUB6JjtI+S3FBOECX5Ad1v6ZuNzHtamleKPJaNJJ+9OyX34uQQIgq0icZsJYKuwlJ/XoypmtSJ/vX2Del7fx3/x2YXcX2ChJDbO31BaQZM0Sg91WaDPSoj23eutDQyOGSWqEssd4Kl7dBu8u0pj8wrqyxeSnAHHHL7CpH0lCysbRBQvwU4pN8hthrpfDBnLa6ZEdF6b63C78sDhehIKhFQzH4BePciY4X0X7scy+XmspChcKK7wryL60ABhMxBxb/OOtFxRSF6QnxBYSBKiQ+LUVAhn0IGgXAGZM4r0rJKQCOftmEc9ybuCJZp7wKcdCWvumGXNoQGNsBoxmLh1hOVBHzfSfyK6bgA1T63oAzOwjcxDu9QT5HpRRwMRQ4ae8SZEwDQPpXT+bkQ0QHuQcgjGyPwHGNakUyx0rkQn6LOGPBa7ASUssKETnKeVQDl22DZsy8zCsTwguuJCPL0O8w+WYEOwXmnZ2dgEgYW4Q2mtjGxJk8Cem8zi230y211bhQfMwnj5eUsveVBLztpbXGRwzF8HJze0UbaXX2jXYZ1MOjObNojfBC9vR1/vDS/cuv9Nt3CL598+GDrd7b4WhbEK7x/fXEYO9Yuu6j9yyNrH6Mt7jyqF7fTQwmOlbER11qAoEM14SUziQwjE6kNdnVhsCFMQNqqIZtWAm/444CjD2ncKm2TbsPimEhMaGxEdxziFzFiZOnrAxpiSmHR0ULQBtzVvbGnZonJHNxhUFuLVltoVZOrwZy//UT3j6PKmB1INxHzFndgO5JGvMs3xGc5R1bC1cotaUJAVWWu5euwOgLOB7ASpRh7+cuN0Hdkwm2pcYcHv8al2oMqdPYQyuylF4UhRV0cC5sa2CpDDYOwQxmg8q27Q9r12PnydB/JrZnkJULc3y4ZVh6kqTr4Czh7eIcloC612RdWpOJls9arpzl6iE2wDb9b489j/4wdbcRiekl3YK1cf97wYqbn1PRY49UuROMXd3OZr+WEhWr48Et8bjHNzTYlRE3MxJHNo0z0Yk/ORG+Md6VZ9uymmMfr1MgBRstTBskWCRfClq6qn8fPhmL/Y1SDi0EQj7LLN53jnZgWgF7T8KBsf/VAHcvtnY3a9NG4CgPz0M/BcUvK09NhSLIJvkQMli24UOMmgP8v0C/JvK9Zxf39AIwVQ3jIrn+nP3IbuEABhoKkbb5+Z9R1nm5ruCRBO6Afu3XsPBPowZvY7qIHlzgBdLoOMovlJ8E1EpmdgAMinkw+MvPcrcnoccWiNR4/ZD3iZ8k56BXF5Hs4FA0NpsOjBf/bO14ppNgbKw99bwbO4RpMGU/22kWfhRuZb1R1KNz3PXir8BpPqbWJht69HVBC7Ns1gkSrXHGW/DaF49t8/2enxRBoRMhXkJR/FGmkSaBBZWZVHziNR5Yy78V5gTA6NFgq9nW6jNPoUFZ6W2r//w200nHYiPRusDVy3IG3YI4AD5YCUxneq8hNCj4//6r8qhi0XjQjxJrZGsqMvsL1WTVCnpVPuwhgfLtk2eldbpGHTjzEB+1xdZi6oYR1dXvDp00v2GMvOk52WHCIqlPVrS6xO51DaBglwM10rsSss77CBjGYBNRzAQmoJMH3A7C4jwhrQBlgGNsUrfEoF00pe9NB12AXLDVoA6JTAlEIF2hTAalskS6NwfzihlHBLOg8D4RmtKj/2rMw1yXbortTc+VrSirVldjtQXbnxKre+1RgilTpQb7k4rdXRfuJHUeso59Mxtvb2eEgUTQy1cJMhpZvORju715warN9wmZ8FOvS2xvdqlKi3crvHY60Dn0xsZohjgOxHsjqo9Qxn2SDVPxYYbpzPBIMAPdpNfLxwQUJVUfxF3bDzKVsBOB2DQsc29BCdn40j+QLknc4QaeWdgMtAousB7ZqfZbRfLABMYi7hD/jZqcTmbkQxPj1Cu5/gc0zTB9iQSNm7FxZUmXoIXK9qs/88RsM0JNmec8ws3ATfR6oZK8LFVeOcehd4E1k+sy8nT5T8ww==
                                                                                  MIME-Version1.0

                                                                                  File Icon

                                                                                  Icon Hash:46070c0a8e0c67d6

                                                                                  Network Behavior

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Aug 27, 2024 20:10:42.277133942 CEST49673443192.168.2.16204.79.197.203
                                                                                  Aug 27, 2024 20:10:42.886559010 CEST49673443192.168.2.16204.79.197.203
                                                                                  Aug 27, 2024 20:10:44.100821018 CEST49673443192.168.2.16204.79.197.203
                                                                                  Aug 27, 2024 20:10:44.840358973 CEST4968980192.168.2.16192.229.211.108
                                                                                  Aug 27, 2024 20:10:46.500803947 CEST49673443192.168.2.16204.79.197.203
                                                                                  Aug 27, 2024 20:10:50.137104988 CEST49678443192.168.2.1620.189.173.10
                                                                                  Aug 27, 2024 20:10:50.439835072 CEST49678443192.168.2.1620.189.173.10
                                                                                  Aug 27, 2024 20:10:51.044836998 CEST49678443192.168.2.1620.189.173.10
                                                                                  Aug 27, 2024 20:10:51.140846968 CEST49709443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:51.140882969 CEST4434970952.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:51.141002893 CEST49709443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:51.142347097 CEST49709443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:51.142365932 CEST4434970952.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:51.315814018 CEST49673443192.168.2.16204.79.197.203
                                                                                  Aug 27, 2024 20:10:51.715431929 CEST4434970952.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:51.715516090 CEST49709443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:51.718039036 CEST49709443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:51.718044996 CEST4434970952.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:51.718283892 CEST4434970952.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:51.763834953 CEST49709443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:51.788940907 CEST49709443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:51.788999081 CEST4434970952.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:51.789192915 CEST49709443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:52.055430889 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:52.055488110 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:52.055560112 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:52.056586981 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:52.056598902 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:52.257849932 CEST49678443192.168.2.1620.189.173.10
                                                                                  Aug 27, 2024 20:10:52.917665005 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:52.917749882 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:52.949420929 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:52.949449062 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:52.949696064 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:52.950881004 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:52.950908899 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:52.950954914 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.252469063 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.252504110 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.252635002 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.252644062 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.252664089 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.252733946 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.253460884 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.253499985 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.253652096 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.253694057 CEST4434971020.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.253767014 CEST49710443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.344875097 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.344928026 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.345032930 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.345222950 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.345232964 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.360934973 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.360980988 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:53.361145020 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.361453056 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:53.361464977 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.143121004 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.143928051 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.143960953 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.144685030 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.144685030 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.144695997 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.144715071 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.152662992 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.152832985 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.162225008 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.162244081 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.162476063 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.162996054 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.162996054 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.163043976 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.441775084 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.441807985 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.441834927 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.441898108 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.441898108 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.441921949 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.442164898 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.442254066 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.442394018 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.442394018 CEST49711443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.442410946 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.442419052 CEST4434971120.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.487242937 CEST49713443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:54.487282038 CEST4434971352.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.487464905 CEST49713443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:54.487598896 CEST49713443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:54.487611055 CEST4434971352.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.489794970 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.489820957 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.489850044 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.489883900 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.489908934 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.489922047 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.489937067 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.489969015 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.490303993 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.490324974 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.490351915 CEST49712443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.490356922 CEST4434971220.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.568382978 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.568428040 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.568523884 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.568763018 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:54.568777084 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:54.602067947 CEST4968080192.168.2.16192.229.211.108
                                                                                  Aug 27, 2024 20:10:54.665843964 CEST49678443192.168.2.1620.189.173.10
                                                                                  Aug 27, 2024 20:10:54.905836105 CEST4968080192.168.2.16192.229.211.108
                                                                                  Aug 27, 2024 20:10:55.065301895 CEST4434971352.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.065382004 CEST49713443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.066716909 CEST49713443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.066726923 CEST4434971352.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.066937923 CEST4434971352.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.068233967 CEST49713443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.068270922 CEST4434971352.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.068361998 CEST49713443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.143954039 CEST49715443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.143990040 CEST4434971552.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.144311905 CEST49715443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.144572020 CEST49715443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.144584894 CEST4434971552.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.328723907 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.328835964 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:55.330884933 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:55.330897093 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.331110954 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.331614017 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:55.331666946 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:55.331705093 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.512826920 CEST4968080192.168.2.16192.229.211.108
                                                                                  Aug 27, 2024 20:10:55.652381897 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.652405977 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.652496099 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:55.652529001 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.652582884 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:55.652920008 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.652939081 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:55.652946949 CEST49714443192.168.2.1620.190.159.73
                                                                                  Aug 27, 2024 20:10:55.652971029 CEST4434971420.190.159.73192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.717039108 CEST4434971552.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.717118025 CEST49715443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.718316078 CEST49715443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.718326092 CEST4434971552.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.718538046 CEST4434971552.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.719592094 CEST49715443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.719621897 CEST4434971552.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.719711065 CEST4434971552.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.719763994 CEST49715443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.719778061 CEST49715443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.782902002 CEST49716443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.782944918 CEST4434971652.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:55.783256054 CEST49716443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.783474922 CEST49716443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:55.783487082 CEST4434971652.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.351305962 CEST4434971652.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.351382017 CEST49716443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.352684021 CEST49716443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.352695942 CEST4434971652.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.352895975 CEST4434971652.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.354069948 CEST49716443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.354093075 CEST4434971652.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.354185104 CEST4434971652.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.354228973 CEST49716443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.354245901 CEST49716443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.416860104 CEST49717443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.416894913 CEST4434971752.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.416968107 CEST49717443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.417244911 CEST49717443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.417265892 CEST4434971752.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.726835012 CEST4968080192.168.2.16192.229.211.108
                                                                                  Aug 27, 2024 20:10:56.984461069 CEST4434971752.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.984538078 CEST49717443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.985780001 CEST49717443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.985791922 CEST4434971752.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.985995054 CEST4434971752.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.987056017 CEST49717443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.987086058 CEST4434971752.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.987181902 CEST4434971752.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:56.987204075 CEST49717443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:56.987231970 CEST49717443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:57.032521009 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:57.032581091 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.032686949 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:57.033792973 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:57.033814907 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.234319925 CEST49720443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:57.234359980 CEST4434972052.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.234488010 CEST49720443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:57.234719038 CEST49720443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:57.234735012 CEST4434972052.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.750768900 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.750929117 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:57.752616882 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:57.752628088 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.752882004 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.798870087 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:57.799539089 CEST4434972052.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.799638033 CEST49720443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:57.800698996 CEST49720443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:57.800709009 CEST4434972052.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.801032066 CEST4434972052.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.802026987 CEST49720443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:57.802051067 CEST4434972052.191.219.104192.168.2.16
                                                                                  Aug 27, 2024 20:10:57.802119970 CEST49720443192.168.2.1652.191.219.104
                                                                                  Aug 27, 2024 20:10:57.807270050 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:57.852503061 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.053225994 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.053256989 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.053263903 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.053276062 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.053303003 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.053344011 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:58.053360939 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.053397894 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:58.053452969 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:58.053623915 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.053715944 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:58.053723097 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.060117006 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.060204029 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:58.063605070 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:58.063633919 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:58.063678026 CEST49719443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:10:58.063692093 CEST4434971952.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:10:59.137857914 CEST4968080192.168.2.16192.229.211.108
                                                                                  Aug 27, 2024 20:10:59.473836899 CEST49678443192.168.2.1620.189.173.10
                                                                                  Aug 27, 2024 20:11:00.927946091 CEST49673443192.168.2.16204.79.197.203
                                                                                  Aug 27, 2024 20:11:03.943867922 CEST4968080192.168.2.16192.229.211.108
                                                                                  Aug 27, 2024 20:11:08.925276995 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:08.925318003 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:08.925376892 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:08.926503897 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:08.926516056 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.082891941 CEST49678443192.168.2.1620.189.173.10
                                                                                  Aug 27, 2024 20:11:09.503000975 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.503371000 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.503386021 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.504422903 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.504492044 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.506603003 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.506660938 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.507385015 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.507391930 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.560893059 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.912313938 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.912333012 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.912360907 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.912405014 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.912419081 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.912446976 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.912535906 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.913650990 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.913688898 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.913727045 CEST49724443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.913743973 CEST44349724104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.913770914 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.917315006 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.917327881 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.931658030 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.931658983 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.931673050 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.931684971 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.931767941 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.931874037 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.932079077 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.932091951 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.932224035 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:09.932233095 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.519556046 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.520157099 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.520183086 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.520545959 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.520983934 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.520983934 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.520998955 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.521044970 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.528943062 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.529227018 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.529252052 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.529614925 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.529942989 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.530004025 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.530112982 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.562882900 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.576503038 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.578907013 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.632766008 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.633476019 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.633492947 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.634548903 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.634617090 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.634942055 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.635056973 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.635085106 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.674891949 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.674917936 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.719360113 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.719393015 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.719475031 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.719500065 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.719511986 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.719552040 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.720376968 CEST49727443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.720391989 CEST44349727104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.722460032 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.722520113 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.722596884 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.722848892 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.722863913 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.723634958 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.804457903 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.804476023 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.804544926 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.804555893 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.804603100 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.806811094 CEST49726443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.806828022 CEST44349726104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.840415001 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:10.840446949 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.840558052 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:10.840789080 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:10.840801001 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.953880072 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.953907013 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.953958035 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:10.953982115 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.954241991 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.954288960 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.020195007 CEST49725443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.020242929 CEST44349725104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.303143978 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.303462982 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.303504944 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.303865910 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.304219961 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.304300070 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.304384947 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.344505072 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.477866888 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.477890015 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.477906942 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.477984905 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.478017092 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.478065014 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.534058094 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.534323931 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.534343958 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.535343885 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.535408974 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.535721064 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.535788059 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.535861015 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.535866022 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.570175886 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.570219994 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.570250034 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.570261955 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.570302010 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.570368052 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.570417881 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.570544004 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.570554972 CEST44349728104.47.64.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.570563078 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.570575953 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.570593119 CEST49728443192.168.2.16104.47.64.28
                                                                                  Aug 27, 2024 20:11:11.575676918 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.575715065 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.575891018 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.576064110 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.576085091 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.579888105 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.675388098 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.675410032 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.675457954 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.675467014 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.675482988 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:11.675529003 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.676166058 CEST49729443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:11.676176071 CEST44349729104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.295716047 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.296508074 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.296546936 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.296881914 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.297442913 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.297442913 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.297498941 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.338046074 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.443739891 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.443790913 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.443799019 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.443811893 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.443833113 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.443881989 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.443913937 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.443959951 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.533612967 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.533648014 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.533679962 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.533694983 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.533732891 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.534065008 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:12.534094095 CEST44349731104.47.65.28192.168.2.16
                                                                                  Aug 27, 2024 20:11:12.534142017 CEST49731443192.168.2.16104.47.65.28
                                                                                  Aug 27, 2024 20:11:13.201890945 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:13.201931000 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.201993942 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:13.202244997 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:13.202255011 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.557982922 CEST4968080192.168.2.16192.229.211.108
                                                                                  Aug 27, 2024 20:11:13.849329948 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.851082087 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:13.851099968 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.852169037 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.852235079 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:13.854577065 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:13.854701996 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.905476093 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:13.905493975 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.952018023 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:14.984416008 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:14.984455109 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:14.984519958 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.003776073 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.003799915 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.602483988 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.602720022 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.674438953 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.674467087 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.674750090 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.674823999 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.679172039 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.724498034 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800396919 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800446987 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800476074 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800503016 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.800503016 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.800534964 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800549984 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.800575018 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800595045 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.800601959 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800626040 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.800641060 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.800649881 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800698042 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.800704002 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.800812006 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.800978899 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.801047087 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.801053047 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.801120043 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.801264048 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.801321983 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.801326990 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.801363945 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.801371098 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.801384926 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:15.801424980 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.801424980 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.809653044 CEST49735443192.168.2.1613.107.5.88
                                                                                  Aug 27, 2024 20:11:15.809685946 CEST4434973513.107.5.88192.168.2.16
                                                                                  Aug 27, 2024 20:11:17.252701044 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:17.252746105 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:17.253113031 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:17.253454924 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:17.253469944 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:18.035480976 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:18.035588026 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:18.038630962 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:18.038650990 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:18.038753986 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:18.038763046 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:18.038897038 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:18.038964033 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:18.214169025 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:18.214548111 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:18.214545012 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:18.214931011 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:18.214957952 CEST49737443192.168.2.1651.124.78.146
                                                                                  Aug 27, 2024 20:11:18.214977980 CEST4434973751.124.78.146192.168.2.16
                                                                                  Aug 27, 2024 20:11:23.750576019 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:23.750631094 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:23.750751972 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:25.062808990 CEST49733443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:11:25.062835932 CEST44349733142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:11:34.579786062 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:34.579833031 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:34.579916954 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:34.580300093 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:34.580313921 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.243048906 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.243181944 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.244491100 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.244497061 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.244708061 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.246092081 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.292503119 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.496408939 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.496434927 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.496463060 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.496500015 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.496509075 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.496540070 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.496572018 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.498497963 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.498541117 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.498564005 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.498572111 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.498619080 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.498619080 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.499548912 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.499557018 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:35.499583006 CEST49748443192.168.2.1652.165.165.26
                                                                                  Aug 27, 2024 20:11:35.499588966 CEST4434974852.165.165.26192.168.2.16
                                                                                  Aug 27, 2024 20:11:36.318469048 CEST44349691137.184.51.101192.168.2.16
                                                                                  Aug 27, 2024 20:11:36.318490982 CEST44349691137.184.51.101192.168.2.16
                                                                                  Aug 27, 2024 20:11:36.318589926 CEST49691443192.168.2.16137.184.51.101
                                                                                  Aug 27, 2024 20:12:11.337701082 CEST49691443192.168.2.16137.184.51.101
                                                                                  Aug 27, 2024 20:12:13.255933046 CEST49753443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:12:13.255995035 CEST44349753142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:12:13.256128073 CEST49753443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:12:13.256378889 CEST49753443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:12:13.256402016 CEST44349753142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:12:14.057477951 CEST44349753142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:12:14.057796955 CEST49753443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:12:14.057817936 CEST44349753142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:12:14.058162928 CEST44349753142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:12:14.058521032 CEST49753443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:12:14.058581114 CEST44349753142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:12:14.102741957 CEST49753443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:12:23.791763067 CEST44349753142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:12:23.791840076 CEST44349753142.250.185.100192.168.2.16
                                                                                  Aug 27, 2024 20:12:23.791913033 CEST49753443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:12:25.051403999 CEST49753443192.168.2.16142.250.185.100
                                                                                  Aug 27, 2024 20:12:25.051435947 CEST44349753142.250.185.100192.168.2.16

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Aug 27, 2024 20:11:08.890608072 CEST6292253192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:11:08.890744925 CEST5261853192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:11:08.898674011 CEST53551131.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:08.908145905 CEST53501361.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:08.912967920 CEST53629221.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:08.925395966 CEST53526181.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:09.895937920 CEST53565661.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.811779022 CEST4980153192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:11:10.811927080 CEST5287653192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:11:10.838018894 CEST53498011.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:10.839844942 CEST53528761.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.193793058 CEST5807153192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:11:13.193973064 CEST6033353192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:11:13.200959921 CEST53580711.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:13.200977087 CEST53603331.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:23.531428099 CEST6043853192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:11:27.384552956 CEST53602401.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:42.058079958 CEST5953353192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:11:46.061898947 CEST53596991.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:11:46.292629004 CEST138138192.168.2.16192.168.2.255
                                                                                  Aug 27, 2024 20:12:01.148960114 CEST6480753192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:12:08.441945076 CEST53529001.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:12:08.839471102 CEST53618611.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:12:21.534389019 CEST5440553192.168.2.161.1.1.1
                                                                                  Aug 27, 2024 20:12:36.530627966 CEST53544481.1.1.1192.168.2.16
                                                                                  Aug 27, 2024 20:12:51.531661034 CEST5728153192.168.2.161.1.1.1

                                                                                  ICMP Packets

                                                                                  TimestampSource IPDest IPChecksumCodeType
                                                                                  Aug 27, 2024 20:11:08.925452948 CEST192.168.2.161.1.1.1c27c(Port unreachable)Destination Unreachable

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                  Aug 27, 2024 20:11:08.890608072 CEST192.168.2.161.1.1.10x8a12Standard query (0)gcc02.safelinks.protection.outlook.comA (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:08.890744925 CEST192.168.2.161.1.1.10xc90Standard query (0)gcc02.safelinks.protection.outlook.com65IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:10.811779022 CEST192.168.2.161.1.1.10xdb39Standard query (0)gcc02.safelinks.protection.outlook.comA (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:10.811927080 CEST192.168.2.161.1.1.10xc60eStandard query (0)gcc02.safelinks.protection.outlook.com65IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:13.193793058 CEST192.168.2.161.1.1.10xb6c8Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:13.193973064 CEST192.168.2.161.1.1.10x1d2fStandard query (0)www.google.com65IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:23.531428099 CEST192.168.2.161.1.1.10x1985Standard query (0)augloop.office.comA (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:42.058079958 CEST192.168.2.161.1.1.10x140eStandard query (0)augloop.office.comA (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:12:01.148960114 CEST192.168.2.161.1.1.10x257eStandard query (0)augloop.office.comA (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:12:21.534389019 CEST192.168.2.161.1.1.10x7e93Standard query (0)augloop.office.comA (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:12:51.531661034 CEST192.168.2.161.1.1.10x7f72Standard query (0)augloop.office.comA (IP address)IN (0x0001)false

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                  Aug 27, 2024 20:10:44.260966063 CEST1.1.1.1192.168.2.160xd903No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:10:44.260966063 CEST1.1.1.1192.168.2.160xd903No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:08.912967920 CEST1.1.1.1192.168.2.160x8a12No error (0)gcc02.safelinks.protection.outlook.comgcc02.safelinks.eop-tm2.outlook.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:08.912967920 CEST1.1.1.1192.168.2.160x8a12No error (0)gcc02.safelinks.eop-tm2.outlook.com104.47.64.28A (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:08.912967920 CEST1.1.1.1192.168.2.160x8a12No error (0)gcc02.safelinks.eop-tm2.outlook.com104.47.65.28A (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:08.925395966 CEST1.1.1.1192.168.2.160xc90No error (0)gcc02.safelinks.protection.outlook.comgcc02.safelinks.eop-tm2.outlook.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:10.838018894 CEST1.1.1.1192.168.2.160xdb39No error (0)gcc02.safelinks.protection.outlook.comgcc02.safelinks.eop-tm2.outlook.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:10.838018894 CEST1.1.1.1192.168.2.160xdb39No error (0)gcc02.safelinks.eop-tm2.outlook.com104.47.65.28A (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:10.838018894 CEST1.1.1.1192.168.2.160xdb39No error (0)gcc02.safelinks.eop-tm2.outlook.com104.47.64.28A (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:10.839844942 CEST1.1.1.1192.168.2.160xc60eNo error (0)gcc02.safelinks.protection.outlook.comgcc02.safelinks.eop-tm2.outlook.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:13.200959921 CEST1.1.1.1192.168.2.160xb6c8No error (0)www.google.com142.250.185.100A (IP address)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:13.200977087 CEST1.1.1.1192.168.2.160x1d2fNo error (0)www.google.com65IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:23.540616989 CEST1.1.1.1192.168.2.160x1985No error (0)augloop.office.comaugloop-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Aug 27, 2024 20:11:42.065232038 CEST1.1.1.1192.168.2.160x140eNo error (0)augloop.office.comaugloop-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Aug 27, 2024 20:12:01.157140970 CEST1.1.1.1192.168.2.160x257eNo error (0)augloop.office.comaugloop-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Aug 27, 2024 20:12:21.543879986 CEST1.1.1.1192.168.2.160x7e93No error (0)augloop.office.comaugloop-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Aug 27, 2024 20:12:51.540740013 CEST1.1.1.1192.168.2.160x7f72No error (0)augloop.office.comaugloop-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false

                                                                                  HTTP Request Dependency Graph

                                                                                  • login.live.com
                                                                                  • slscr.update.microsoft.com
                                                                                  • gcc02.safelinks.protection.outlook.com
                                                                                  • https:
                                                                                  • outlookmobile-office365-tas.msedge.net
                                                                                  • settings.data.microsoft.com

                                                                                  HTTPS Proxied Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  0192.168.2.164971020.190.159.73443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:10:52 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/soap+xml
                                                                                  Accept: */*
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                  Content-Length: 3592
                                                                                  Host: login.live.com
                                                                                  2024-08-27 18:10:52 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                  Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                  2024-08-27 18:10:53 UTC569INHTTP/1.1 200 OK
                                                                                  Cache-Control: no-store, no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/soap+xml; charset=utf-8
                                                                                  Expires: Tue, 27 Aug 2024 18:09:53 GMT
                                                                                  P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                  x-ms-route-info: C538_SN1
                                                                                  x-ms-request-id: 2b0d9b84-e986-4bba-9738-2cd5545b917d
                                                                                  PPServer: PPV: 30 H: SN1PEPF0002F97B V: 0
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Date: Tue, 27 Aug 2024 18:10:53 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 11389
                                                                                  2024-08-27 18:10:53 UTC11389INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  1192.168.2.164971120.190.159.73443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:10:54 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/soap+xml
                                                                                  Accept: */*
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                  Content-Length: 4710
                                                                                  Host: login.live.com
                                                                                  2024-08-27 18:10:54 UTC4710OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                  Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                  2024-08-27 18:10:54 UTC569INHTTP/1.1 200 OK
                                                                                  Cache-Control: no-store, no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/soap+xml; charset=utf-8
                                                                                  Expires: Tue, 27 Aug 2024 18:09:54 GMT
                                                                                  P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                  x-ms-route-info: C538_SN1
                                                                                  x-ms-request-id: 350f7b70-8b0c-4f25-8f1e-c537d73c83de
                                                                                  PPServer: PPV: 30 H: SN1PEPF0002F951 V: 0
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Date: Tue, 27 Aug 2024 18:10:53 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 10173
                                                                                  2024-08-27 18:10:54 UTC10173INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  2192.168.2.164971220.190.159.73443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:10:54 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/soap+xml
                                                                                  Accept: */*
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                  Content-Length: 4775
                                                                                  Host: login.live.com
                                                                                  2024-08-27 18:10:54 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                  Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                  2024-08-27 18:10:54 UTC569INHTTP/1.1 200 OK
                                                                                  Cache-Control: no-store, no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/soap+xml; charset=utf-8
                                                                                  Expires: Tue, 27 Aug 2024 18:09:54 GMT
                                                                                  P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                  x-ms-route-info: C538_BAY
                                                                                  x-ms-request-id: 22a3da54-173c-4f76-844e-b58607e3ce3d
                                                                                  PPServer: PPV: 30 H: PH1PEPF00018C01 V: 0
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Date: Tue, 27 Aug 2024 18:10:53 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 11409
                                                                                  2024-08-27 18:10:54 UTC11409INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  3192.168.2.164971420.190.159.73443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:10:55 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/soap+xml
                                                                                  Accept: */*
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                  Content-Length: 4762
                                                                                  Host: login.live.com
                                                                                  2024-08-27 18:10:55 UTC4762OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                  Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                  2024-08-27 18:10:55 UTC569INHTTP/1.1 200 OK
                                                                                  Cache-Control: no-store, no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/soap+xml; charset=utf-8
                                                                                  Expires: Tue, 27 Aug 2024 18:09:55 GMT
                                                                                  P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                  x-ms-route-info: C538_BL2
                                                                                  x-ms-request-id: 027ab80f-768d-4043-a55b-be0725c3d945
                                                                                  PPServer: PPV: 30 H: BL02EPF0001D901 V: 0
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Date: Tue, 27 Aug 2024 18:10:55 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 10197
                                                                                  2024-08-27 18:10:55 UTC10197INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  4192.168.2.164971952.165.165.26443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:10:57 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WOORxlo+RoS5dvA&MD=CHY4tfS9 HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Accept: */*
                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                  Host: slscr.update.microsoft.com
                                                                                  2024-08-27 18:10:58 UTC560INHTTP/1.1 200 OK
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/octet-stream
                                                                                  Expires: -1
                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                  MS-CorrelationId: aa584fc5-b0ee-4f35-9b4d-a407276d64a9
                                                                                  MS-RequestId: 7ba35310-34be-4eaa-85ab-f8d739766fd2
                                                                                  MS-CV: LOzh/cHNj0+5xtFJ.0
                                                                                  X-Microsoft-SLSClientCache: 2880
                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Date: Tue, 27 Aug 2024 18:10:57 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 24490
                                                                                  2024-08-27 18:10:58 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                  Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                  2024-08-27 18:10:58 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                  Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  5192.168.2.1649724104.47.64.284435736C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:09 UTC1079OUTGET /?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0 HTTP/1.1
                                                                                  Host: gcc02.safelinks.protection.outlook.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-User: ?1
                                                                                  Sec-Fetch-Dest: document
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-08-27 18:11:09 UTC538INHTTP/1.1 200 OK
                                                                                  Cache-Control: private
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  X-AspNetMvc-Version: 4.0
                                                                                  X-SL-GetUrlReputation-Verdict: Bad
                                                                                  X-Robots-Tag: noindex, nofollow
                                                                                  X-AspNet-Version: 4.0.30319
                                                                                  X-ServerName: BL0GCC02WS900
                                                                                  X-ServerVersion: 15.20.7897.023
                                                                                  X-ServerLat: 215
                                                                                  X-SafeLinks-Tracking-Id: 68623ce6-7f3d-47e0-f2e1-08dcc6c3a0a5
                                                                                  X-Powered-By: ASP.NET
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-UA-Compatible: IE=Edge
                                                                                  Date: Tue, 27 Aug 2024 18:11:09 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 5023
                                                                                  2024-08-27 18:11:09 UTC5023INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 69 63 72 6f 73 6f 66 74 20 44 65 66 65 6e 64 65 72 20 66 6f 72 20 4f 66 66 69 63 65 20 33 36 35 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 61 6d 65 2d 6f 72 69 67 69 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 2c
                                                                                  Data Ascii: <!doctype html><html><head> <meta charset="UTF-8"> <title>Microsoft Defender for Office 365</title> <meta name="referrer" content="same-origin" /> <meta name="robots" content="noindex,nofollow" /> <link rel="icon" href="data:,


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  6192.168.2.1649725104.47.64.284435736C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:10 UTC1079OUTGET /?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0 HTTP/1.1
                                                                                  Host: gcc02.safelinks.protection.outlook.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-User: ?1
                                                                                  Sec-Fetch-Dest: document
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-08-27 18:11:10 UTC538INHTTP/1.1 200 OK
                                                                                  Cache-Control: private
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  X-AspNetMvc-Version: 4.0
                                                                                  X-SL-GetUrlReputation-Verdict: Bad
                                                                                  X-Robots-Tag: noindex, nofollow
                                                                                  X-AspNet-Version: 4.0.30319
                                                                                  X-ServerName: BL0GCC02WS025
                                                                                  X-ServerVersion: 15.20.7897.023
                                                                                  X-ServerLat: 251
                                                                                  X-SafeLinks-Tracking-Id: 835e243a-45d7-4206-fa8e-08dcc6c3a13e
                                                                                  X-Powered-By: ASP.NET
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-UA-Compatible: IE=Edge
                                                                                  Date: Tue, 27 Aug 2024 18:11:10 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 5023
                                                                                  2024-08-27 18:11:10 UTC5023INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 69 63 72 6f 73 6f 66 74 20 44 65 66 65 6e 64 65 72 20 66 6f 72 20 4f 66 66 69 63 65 20 33 36 35 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 61 6d 65 2d 6f 72 69 67 69 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 2c
                                                                                  Data Ascii: <!doctype html><html><head> <meta charset="UTF-8"> <title>Microsoft Defender for Office 365</title> <meta name="referrer" content="same-origin" /> <meta name="robots" content="noindex,nofollow" /> <link rel="icon" href="data:,


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  7192.168.2.1649727104.47.64.284435736C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:10 UTC1004OUTGET /Content/Scripts/safelinksv2.css HTTP/1.1
                                                                                  Host: gcc02.safelinks.protection.outlook.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Accept: text/css,*/*;q=0.1
                                                                                  Sec-Fetch-Site: same-origin
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: style
                                                                                  Referer: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-08-27 18:11:10 UTC466INHTTP/1.1 200 OK
                                                                                  Content-Type: text/css
                                                                                  Last-Modified: Mon, 26 Aug 2024 15:05:20 GMT
                                                                                  Accept-Ranges: bytes
                                                                                  ETag: "078185ec9f7da1:0"
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  X-ServerName: BL0GCC02WS006
                                                                                  X-ServerVersion: 15.20.7918.017
                                                                                  X-ServerLat: 1
                                                                                  X-SafeLinks-Tracking-Id: 83fecdc8-78db-460b-d196-08dcc6c3a13f
                                                                                  X-Powered-By: ASP.NET
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-UA-Compatible: IE=Edge
                                                                                  Date: Tue, 27 Aug 2024 18:11:10 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 3932
                                                                                  2024-08-27 18:11:10 UTC3932INData Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0d 0a 2f 2a 20 43 53 53 20 44 6f 63 75 6d 65 6e 74 20 2a 2f 0d 0a 0d 0a 62 6f 64 79 7b 0d 0a 09 6d 61 72 67 69 6e 3a 30 70 78 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 64 69 76 7b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 0d 0a 7d 0d 0a 0d 0a 23 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 5f 63 6f 6e 74 61 69 6e 65 72 7b 0d 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 7d 0d 0a 0d 0a 23 69 63 6f 6e 20 69 6d 67 20 7b 0d 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 34 30 70 78 3b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 70 78 3b 0d 0a 7d 0d 0a 0d 0a 23 75 72 6c 20 7b 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f
                                                                                  Data Ascii: @charset "UTF-8";/* CSS Document */body{margin:0px;padding:0px;}div{ text-align:left;}#recommendation_container{width:100%;}#icon img {margin-left: 40px;margin-top: 45px;}#url {height: 32px;background-co


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  8192.168.2.1649726104.47.64.284435736C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:10 UTC982OUTGET /Content/Scripts/site.js HTTP/1.1
                                                                                  Host: gcc02.safelinks.protection.outlook.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Accept: */*
                                                                                  Sec-Fetch-Site: same-origin
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: script
                                                                                  Referer: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-08-27 18:11:10 UTC480INHTTP/1.1 200 OK
                                                                                  Content-Type: application/javascript
                                                                                  Last-Modified: Tue, 20 Aug 2024 09:15:36 GMT
                                                                                  Accept-Ranges: bytes
                                                                                  ETag: "0ac2d84e1f2da1:0"
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  X-ServerName: BL0GCC02WS031
                                                                                  X-ServerVersion: 15.20.7897.016
                                                                                  X-ServerLat: 0
                                                                                  X-SafeLinks-Tracking-Id: a87a79a1-6a36-4632-e6d4-08dcc6c3a156
                                                                                  X-Powered-By: ASP.NET
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-UA-Compatible: IE=Edge
                                                                                  Date: Tue, 27 Aug 2024 18:11:09 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 1588
                                                                                  2024-08-27 18:11:10 UTC1588INData Raw: 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 4f 6e 4c 6f 61 64 48 61 6e 64 6c 65 72 28 29 7b 0d 0a 09 69 66 20 28 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 6c 65 6e 67 74 68 20 3c 3d 20 31 29 20 7b 0d 0a 09 09 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 6c 6f 73 65 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 76 61 72 20 74 68 65 6d 65 20 3d 20 6e 75 6c 6c 3b 0d 0a 74 72 79 20 7b 0d 0a 20 20 28 66 75 6e 63 74 69 6f 6e 20 28 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 2c 20 73 74 72 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 21 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f
                                                                                  Data Ascii: window.onload = function OnLoadHandler(){if (window.history.length <= 1) {document.getElementById("close").style.display = "none";}}var theme = null;try { (function (URLSearchParams, str) { if (!new URLSearchParams(window.locatio


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  9192.168.2.1649728104.47.64.284435736C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:11 UTC1043OUTGET /Content/images/cross.png HTTP/1.1
                                                                                  Host: gcc02.safelinks.protection.outlook.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                  Sec-Fetch-Site: same-origin
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: image
                                                                                  Referer: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-08-27 18:11:11 UTC468INHTTP/1.1 200 OK
                                                                                  Content-Type: image/png
                                                                                  Last-Modified: Sun, 25 Aug 2024 09:18:50 GMT
                                                                                  Accept-Ranges: bytes
                                                                                  ETag: "079e0cbcff6da1:0"
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  X-ServerName: BL0GCC02WS019
                                                                                  X-ServerVersion: 15.20.7897.023
                                                                                  X-ServerLat: 1
                                                                                  X-SafeLinks-Tracking-Id: 98143f6a-630b-4165-3b0b-08dcc6c3a1b6
                                                                                  X-Powered-By: ASP.NET
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-UA-Compatible: IE=Edge
                                                                                  Date: Tue, 27 Aug 2024 18:11:10 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 25664
                                                                                  2024-08-27 18:11:11 UTC15916INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ba 00 00 00 c8 08 06 00 00 00 5f e4 fb 3b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b
                                                                                  Data Ascii: PNGIHDR_;pHYs%%IR$OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K
                                                                                  2024-08-27 18:11:11 UTC9748INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                  Data Ascii:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  10192.168.2.1649729104.47.65.284435736C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:11 UTC385OUTGET /Content/Scripts/site.js HTTP/1.1
                                                                                  Host: gcc02.safelinks.protection.outlook.com
                                                                                  Connection: keep-alive
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  Accept: */*
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-08-27 18:11:11 UTC480INHTTP/1.1 200 OK
                                                                                  Content-Type: application/javascript
                                                                                  Last-Modified: Mon, 26 Aug 2024 15:05:20 GMT
                                                                                  Accept-Ranges: bytes
                                                                                  ETag: "078185ec9f7da1:0"
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  X-ServerName: DM3GCC02WS011
                                                                                  X-ServerVersion: 15.20.7918.017
                                                                                  X-ServerLat: 0
                                                                                  X-SafeLinks-Tracking-Id: aad47935-56ba-4f4d-afe1-08dcc6c3a1d6
                                                                                  X-Powered-By: ASP.NET
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-UA-Compatible: IE=Edge
                                                                                  Date: Tue, 27 Aug 2024 18:11:11 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 1588
                                                                                  2024-08-27 18:11:11 UTC1588INData Raw: 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 4f 6e 4c 6f 61 64 48 61 6e 64 6c 65 72 28 29 7b 0d 0a 09 69 66 20 28 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 6c 65 6e 67 74 68 20 3c 3d 20 31 29 20 7b 0d 0a 09 09 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 6c 6f 73 65 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 76 61 72 20 74 68 65 6d 65 20 3d 20 6e 75 6c 6c 3b 0d 0a 74 72 79 20 7b 0d 0a 20 20 28 66 75 6e 63 74 69 6f 6e 20 28 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 2c 20 73 74 72 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 21 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f
                                                                                  Data Ascii: window.onload = function OnLoadHandler(){if (window.history.length <= 1) {document.getElementById("close").style.display = "none";}}var theme = null;try { (function (URLSearchParams, str) { if (!new URLSearchParams(window.locatio


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  11192.168.2.1649731104.47.65.284435736C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:12 UTC386OUTGET /Content/images/cross.png HTTP/1.1
                                                                                  Host: gcc02.safelinks.protection.outlook.com
                                                                                  Connection: keep-alive
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  Accept: */*
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-08-27 18:11:12 UTC468INHTTP/1.1 200 OK
                                                                                  Content-Type: image/png
                                                                                  Last-Modified: Sun, 25 Aug 2024 09:18:50 GMT
                                                                                  Accept-Ranges: bytes
                                                                                  ETag: "079e0cbcff6da1:0"
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  X-ServerName: DM3GCC02WS022
                                                                                  X-ServerVersion: 15.20.7897.023
                                                                                  X-ServerLat: 1
                                                                                  X-SafeLinks-Tracking-Id: f9f5a44e-e51e-4d4b-06a2-08dcc6c3a24c
                                                                                  X-Powered-By: ASP.NET
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-UA-Compatible: IE=Edge
                                                                                  Date: Tue, 27 Aug 2024 18:11:11 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 25664
                                                                                  2024-08-27 18:11:12 UTC15916INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ba 00 00 00 c8 08 06 00 00 00 5f e4 fb 3b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b
                                                                                  Data Ascii: PNGIHDR_;pHYs%%IR$OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K
                                                                                  2024-08-27 18:11:12 UTC9748INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                  Data Ascii:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  12192.168.2.164973513.107.5.88443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:15 UTC530OUTGET /ab?clientId=B5786FF8-3453-4616-B94D-5348C714CD0F HTTP/1.1
                                                                                  X-OfficeApp-BuildVersion: 16.0.11629.20316
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  X-OfficeApp-Platform: universal
                                                                                  X-OfficeApp-Language: en-CH
                                                                                  X-OutlookMobile-Architecture: x64
                                                                                  X-OutlookMobile-BuildFlavor: ship
                                                                                  X-OutlookMobile-Environment: Production
                                                                                  X-OfficeApp-MsoVersion: 10.0.19045
                                                                                  X-OutlookMobile-HxServiceAccounts: None
                                                                                  Content-Length: 0
                                                                                  Content-Encoding: gzip
                                                                                  Host: outlookmobile-office365-tas.msedge.net
                                                                                  Connection: Keep-Alive
                                                                                  Cache-Control: no-cache
                                                                                  2024-08-27 18:11:15 UTC438INHTTP/1.1 200 OK
                                                                                  Content-Length: 10798
                                                                                  Content-Type: application/json; charset=utf-8
                                                                                  ETag: -898950558_-307058664
                                                                                  Strict-Transport-Security: max-age=2592000
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-ExP-TrackingId: ce8913cf-7494-48af-a4ec-eb67347a5287
                                                                                  X-Cache: CONFIG_NOCACHE
                                                                                  X-MSEdge-Ref: Ref A: 79373273805E416FA9F39E8AF9AC4E0A Ref B: EWR311000101031 Ref C: 2024-08-27T18:11:15Z
                                                                                  Date: Tue, 27 Aug 2024 18:11:15 GMT
                                                                                  Connection: close
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 7b 22 46 65 61 74 75 72 65 73 22 3a 5b 22 6f 75 75 6e 69 31 32 32 31 22 2c 22 65 78 70 66 72 66 6c 74 6f 75 75 6e 69 31 32 32 31 22 2c 22 6f 75 66 69 72 31 37 33 31 22 2c 22 6f 75 6d 61 6e 33 32 32 31 22 2c 22 6f 75 75 73 65 36 38 37 31 22 2c 22 6f 75 69 6e 74 31 33 30 31 22 2c 22 6f 75 63 61 6c 38 32 38 31 22 2c 22 6f 75 6d 61 69 31 33 36 31 22 2c 22 6f 75 73 69 6e 37 38 39 31 22 2c 22 6f 75 63 61 6c 34 35 34 31 22 2c 22 6f 75 62 72 65 35 30 30 31 22 2c 22 6f 75 61 74 74 37 31 35 31 22 2c 22 6f 75 68 78 68 36 34 31 31 22 2c 22 6f 75 72 65 70 31 35 39 31 22 2c 22 6f 75 63 61 6c 38 36 38 31 22 2c 22 6f 75 65 6e 68 33 34 37 31 22 2c 22 6f 75 6d 61 69 38 38 38 31 22 2c 22 6f 75 69 6e 74 32 35 37 31 22 2c 22 6f 75 6d 61 72 39 30 34 31 22 2c 22 6f 75 6d 69 63
                                                                                  Data Ascii: {"Features":["ouuni1221","expfrfltouuni1221","oufir1731","ouman3221","ouuse6871","ouint1301","oucal8281","oumai1361","ousin7891","oucal4541","oubre5001","ouatt7151","ouhxh6411","ourep1591","oucal8681","ouenh3471","oumai8881","ouint2571","oumar9041","oumic
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 6f 75 73 74 6f 37 37 32 31 22 2c 22 6f 75 64 6f 6e 37 30 32 31 22 2c 22 6f 75 65 6e 61 32 34 31 30 22 2c 22 6f 75 73 74 6f 34 37 32 22 2c 22 6f 66 66 6c 69 6e 65 73 65 61 72 63 68 61 76 6f 69 64 61 70 70 6f 69 6e 74 6d 65 6e 74 69 6e 73 74 61 6e 63 65 69 6e 64 65 78 69 6e 67 22 2c 22 6f 6d 69 6e 61 6c 6c 64 6f 6e 65 66 69 78 65 64 22 2c 22 73 68 72 69 6e 6b 74 65 6c 65 6d 65 74 72 79 66 6f 72 6d 65 74 61 64 61 74 61 22 2c 22 6f 75 73 65 61 37 38 31 22 2c 22 6f 75 63 61 6c 32 34 36 22 2c 22 64 69 73 6d 69 73 73 22 2c 22 6f 75 75 73 69 35 35 38 22 2c 22 6f 75 6d 33 36 38 34 30 22 2c 22 6f 75 61 6c 77 34 33 37 22 2c 22 75 6e 65 6e 34 30 34 63 66 22 2c 22 6f 75 75 73 65 73 6d 74 70 63 6c 69 65 6e 74 76 32 22 2c 22 63 6f 6d 70 72 65 73 73 65 64 73 65 72 76 69
                                                                                  Data Ascii: ousto7721","oudon7021","ouena2410","ousto472","offlinesearchavoidappointmentinstanceindexing","ominalldonefixed","shrinktelemetryformetadata","ousea781","oucal246","dismiss","ouusi558","oum36840","oualw437","unen404cf","ouusesmtpclientv2","compressedservi
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 22 3a 22 6f 75 6d 61 69 38 38 38 31 22 2c 22 31 74 62 22 3a 22 6f 75 69 6e 74 32 35 37 31 22 2c 22 31 74 61 22 3a 22 6f 75 6d 61 72 39 30 34 31 22 2c 22 31 74 39 22 3a 22 6f 75 6d 69 63 34 31 36 31 22 2c 22 31 74 38 22 3a 22 6f 75 6d 6f 64 39 33 30 31 22 2c 22 31 74 37 22 3a 22 6f 75 6d 75 6c 37 36 39 31 22 2c 22 31 74 35 22 3a 22 6f 75 6e 61 76 37 30 30 31 22 2c 22 31 74 31 22 3a 22 6f 75 73 65 61 37 31 37 31 22 2c 22 31 73 78 22 3a 22 6f 75 73 75 70 33 34 38 31 22 2c 22 31 73 76 22 3a 22 6f 75 75 73 65 31 32 31 31 22 2c 22 31 73 74 22 3a 22 6f 75 61 64 64 39 37 35 31 22 2c 22 31 73 6b 22 3a 22 6f 75 69 6e 74 37 38 35 31 22 2c 22 31 73 6a 22 3a 22 6f 75 73 68 61 35 37 34 31 22 2c 22 31 73 69 22 3a 22 6f 75 73 69 6d 34 36 37 31 22 2c 22 31 73 68 22 3a 22
                                                                                  Data Ascii: ":"oumai8881","1tb":"ouint2571","1ta":"oumar9041","1t9":"oumic4161","1t8":"oumod9301","1t7":"oumul7691","1t5":"ounav7001","1t1":"ousea7171","1sx":"ousup3481","1sv":"ouuse1211","1st":"ouadd9751","1sk":"ouint7851","1sj":"ousha5741","1si":"ousim4671","1sh":"
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 31 69 22 3a 22 6f 75 73 79 6e 37 30 32 31 22 2c 22 68 76 64 22 3a 22 6f 75 73 68 6f 33 36 33 31 22 2c 22 69 6d 74 22 3a 22 6f 75 73 79 6e 33 37 37 31 22 2c 22 6a 35 6b 22 3a 22 6f 75 75 70 73 31 36 35 31 22 2c 22 6a 75 73 22 3a 22 6f 75 64 65 66 36 35 39 31 22 2c 22 6c 33 61 22 3a 22 6f 75 65 6e 68 39 32 38 31 22 2c 22 6d 6b 38 22 3a 22 6f 75 73 79 6e 38 30 37 31 22 2c 22 6d 6c 62 22 3a 22 6f 75 68 78 73 37 33 34 31 22 2c 22 6e 61 6c 22 3a 22 6f 75 73 79 6e 34 33 30 31 22 2c 22 6e 72 61 22 3a 22 6f 75 73 79 6e 31 35 34 31 22 2c 22 6e 72 77 22 3a 22 6f 75 73 74 6f 37 37 32 31 22 2c 22 71 6f 74 22 3a 22 6f 75 64 6f 6e 37 30 32 31 22 2c 22 77 6a 78 22 3a 22 6f 75 65 6e 61 32 34 31 30 22 2c 22 7a 74 6e 22 3a 22 6f 75 73 74 6f 34 37 32 22 2c 22 31 32 73 30 22
                                                                                  Data Ascii: 1i":"ousyn7021","hvd":"ousho3631","imt":"ousyn3771","j5k":"ouups1651","jus":"oudef6591","l3a":"ouenh9281","mk8":"ousyn8071","mlb":"ouhxs7341","nal":"ousyn4301","nra":"ousyn1541","nrw":"ousto7721","qot":"oudon7021","wjx":"ouena2410","ztn":"ousto472","12s0"
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 22 2c 22 36 38 61 73 22 3a 22 6e 65 77 61 70 70 70 65 72 6d 61 74 6f 67 67 6c 65 76 69 61 63 61 6c 6c 62 61 63 6b 66 69 6c 65 32 22 2c 22 36 39 74 6a 22 3a 22 6e 65 77 61 70 70 74 6f 67 67 6c 65 63 61 6d 70 61 69 67 6e 66 33 22 7d 2c 22 43 6f 6e 66 69 67 73 22 3a 5b 7b 22 49 64 22 3a 22 4f 75 74 6c 6f 6f 6b 4d 6f 62 69 6c 65 22 2c 22 50 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 41 64 64 52 6f 6f 6d 55 49 55 70 64 61 74 65 22 3a 74 72 75 65 2c 22 41 6c 77 61 79 73 53 61 76 65 53 65 6e 74 49 74 65 6d 73 46 6f 72 44 69 72 65 63 74 53 79 6e 63 22 3a 66 61 6c 73 65 2c 22 41 74 74 61 63 68 6d 65 6e 74 4d 65 74 61 64 61 74 61 22 3a 74 72 75 65 2c 22 42 72 65 61 64 74 68 46 69 72 73 74 53 79 6e 63 22 3a 74 72 75 65 2c 22 43 61 6c 65 6e 64 61 72 41 70 69 43 6f 72 74
                                                                                  Data Ascii: ","68as":"newapppermatoggleviacallbackfile2","69tj":"newapptogglecampaignf3"},"Configs":[{"Id":"OutlookMobile","Parameters":{"AddRoomUIUpdate":true,"AlwaysSaveSentItemsForDirectSync":false,"AttachmentMetadata":true,"BreadthFirstSync":true,"CalendarApiCort
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 72 75 65 2c 22 46 65 61 74 75 72 65 50 72 6f 6d 6f 74 69 6f 6e 73 43 6f 6e 74 72 6f 6c 46 6c 69 67 68 74 32 22 3a 74 72 75 65 2c 22 46 65 77 65 72 49 6e 69 74 69 61 6c 69 7a 65 44 65 76 69 63 65 52 65 63 6f 6e 6e 65 63 74 73 22 3a 74 72 75 65 2c 22 46 69 72 73 74 52 75 6e 4f 70 65 6e 41 63 63 6f 75 6e 74 73 44 69 61 6c 6f 67 22 3a 74 72 75 65 2c 22 46 69 72 73 74 52 75 6e 55 70 53 65 6c 6c 4d 75 6c 74 69 41 63 63 6f 75 6e 74 22 3a 74 72 75 65 2c 22 46 69 72 73 74 53 79 6e 63 50 6f 6c 6c 69 6e 67 22 3a 74 72 75 65 2c 22 48 74 6d 6c 53 69 67 6e 61 74 75 72 65 45 64 69 74 6f 72 22 3a 74 72 75 65 2c 22 48 78 48 61 6e 64 73 68 61 6b 65 43 61 6c 65 6e 64 61 72 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 48 78 49 6d 6d 49 64 48 61 6e 64 73 68 61 6b 65 22 3a 74
                                                                                  Data Ascii: rue,"FeaturePromotionsControlFlight2":true,"FewerInitializeDeviceReconnects":true,"FirstRunOpenAccountsDialog":true,"FirstRunUpSellMultiAccount":true,"FirstSyncPolling":true,"HtmlSignatureEditor":true,"HxHandshakeCalendarEnabled":true,"HxImmIdHandshake":t
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 6c 6c 6f 77 41 75 74 6f 54 6f 67 67 6c 65 56 69 61 43 61 6c 6c 62 61 63 6b 46 69 6c 65 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 45 78 69 74 41 6c 6c 41 70 70 73 4f 6e 4e 65 77 41 70 70 4c 61 75 6e 63 68 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 4c 61 75 6e 63 68 46 69 6c 65 73 43 61 6c 65 6e 64 61 72 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 50 65 72 6d 61 54 6f 67 67 6c 65 56 69 61 43 61 6c 6c 62 61 63 6b 46 69 6c 65 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 53 74 6f 70 43 61 6c 65 6e 64 61 72 52 65 6d 69 6e 64 65 72 73 57 68 65 6e 54 6f 67 67 6c 65 64 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 54 6f 67 67 6c 65 43 61 6d 70 61 69 67 6e 45 43 68 65 63 6b 4d 6f 6e 61 72 63 68 49 6e 73 74 61 6c 6c 22 3a 66 61 6c 73 65 2c 22 4e 65 77 41 70 70 54 6f 67 67 6c
                                                                                  Data Ascii: llowAutoToggleViaCallbackFile":true,"NewAppExitAllAppsOnNewAppLaunch":true,"NewAppLaunchFilesCalendar":true,"NewAppPermaToggleViaCallbackFile":true,"NewAppStopCalendarRemindersWhenToggled":true,"NewAppToggleCampaignECheckMonarchInstall":false,"NewAppToggl
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 56 69 65 77 22 3a 74 72 75 65 2c 22 53 6b 69 70 48 79 64 72 61 74 65 64 46 69 72 73 74 52 75 6e 22 3a 74 72 75 65 2c 22 53 70 65 6c 6c 43 6f 72 72 65 63 74 65 64 53 65 61 72 63 68 22 3a 74 72 75 65 2c 22 53 74 6f 72 61 67 65 50 61 67 65 43 6f 61 6c 65 73 63 65 4f 6e 49 64 6c 65 22 3a 74 72 75 65 2c 22 53 74 6f 72 65 43 6f 6c 6c 65 63 74 69 6f 6e 49 64 43 61 63 68 65 41 6e 64 4f 6a 65 63 74 49 64 49 6e 64 65 78 44 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 53 74 6f 72 65 43 6f 6c 6c 65 63 74 69 6f 6e 49 6e 64 65 78 57 69 74 68 6f 75 74 53 6f 72 74 22 3a 74 72 75 65 2c 22 53 74 6f 72 65 43 6f 6c 6c 65 63 74 69 6f 6e 4f 62 6a 65 63 74 49 64 73 44 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 53 74 6f 72 65 43 6f 6c
                                                                                  Data Ascii: View":true,"SkipHydratedFirstRun":true,"SpellCorrectedSearch":true,"StoragePageCoalesceOnIdle":true,"StoreCollectionIdCacheAndOjectIdIndexDataValidation":false,"StoreCollectionIndexWithoutSort":true,"StoreCollectionObjectIdsDataValidation":false,"StoreCol
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 56 69 65 77 22 3a 66 61 6c 73 65 2c 22 57 6f 72 64 44 61 72 6b 54 68 65 6d 65 22 3a 74 72 75 65 7d 7d 2c 7b 22 49 64 22 3a 22 55 6e 69 76 65 72 73 61 6c 52 65 61 63 74 22 2c 22 50 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 45 6e 61 62 6c 65 4d 69 63 72 6f 73 6f 66 74 52 65 77 61 72 64 73 22 3a 66 61 6c 73 65 7d 7d 5d 2c 22 50 61 72 61 6d 65 74 65 72 47 72 6f 75 70 73 22 3a 6e 75 6c 6c 2c 22 46 6c 69 67 68 74 69 6e 67 56 65 72 73 69 6f 6e 22 3a 35 33 35 30 33 36 32 39 2c 22 49 6d 70 72 65 73 73 69 6f 6e 49 64 22 3a 22 43 45 38 39 31 33 43 46 37 34 39 34 34 38 41 46 41 34 45 43 45 42 36 37 33 34 37 41 35 32 38 37 22 2c 22 41 73 73 69 67 6e 6d 65 6e 74 43 6f 6e 74 65 78 74 22 3a 22 6f 75 75 6e 69 31 32 32 31 3a 2d 31 3b 65 78 70 66 72 66 6c 74 6f 75 75 6e 69 31
                                                                                  Data Ascii: View":false,"WordDarkTheme":true}},{"Id":"UniversalReact","Parameters":{"EnableMicrosoftRewards":false}}],"ParameterGroups":null,"FlightingVersion":53503629,"ImpressionId":"CE8913CF749448AFA4ECEB67347A5287","AssignmentContext":"ouuni1221:-1;expfrfltouuni1
                                                                                  2024-08-27 18:11:15 UTC1024INData Raw: 65 39 39 31 31 3a 32 39 38 39 33 39 3b 6f 75 65 6e 63 39 39 33 31 3a 33 30 31 38 35 30 3b 6f 75 69 6e 6b 37 34 39 31 3a 33 34 31 31 36 39 3b 6f 75 73 74 6f 38 30 35 31 3a 34 30 34 34 39 38 3b 6f 75 63 61 6c 36 32 33 31 3a 33 30 30 37 30 38 34 35 3b 6f 75 73 65 72 34 36 30 31 3a 33 32 39 31 31 35 3b 6f 75 6e 65 77 39 37 37 31 3a 33 32 39 31 31 39 3b 6f 75 72 65 6d 32 37 33 31 3a 33 35 37 32 39 39 3b 6f 75 66 65 61 34 32 39 31 3a 33 36 37 33 30 35 3b 6f 75 73 75 70 36 36 33 30 3a 33 30 30 31 32 39 38 33 3b 6f 75 76 61 6c 32 33 33 30 3a 33 32 38 36 31 35 3b 6f 75 65 6e 61 39 31 35 31 3a 33 35 35 33 37 36 3b 6f 75 73 65 6e 33 32 36 31 3a 33 39 33 35 33 33 3b 6f 75 77 65 65 31 35 33 30 3a 33 34 30 32 32 39 3b 6f 33 36 35 63 68 65 63 6b 66 6f 72 67 6d 61 69 6c
                                                                                  Data Ascii: e9911:298939;ouenc9931:301850;ouink7491:341169;ousto8051:404498;oucal6231:30070845;ouser4601:329115;ounew9771:329119;ourem2731:357299;oufea4291:367305;ousup6630:30012983;ouval2330:328615;ouena9151:355376;ousen3261:393533;ouwee1530:340229;o365checkforgmail


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  13192.168.2.164973751.124.78.146443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:18 UTC409OUTGET /settings/v2.0/office/olx?app=microsoft.windowscommunicationsapps&appVer=16.0.11629.20316&locale=en-CH&os=WINDOWS&osVer=10.0.19045&deviceClass=Windows.Desktop&deviceId=B5786FF8-3453-4616-B94D-5348C714CD0F&ring=7 HTTP/1.1
                                                                                  Accept: */*
                                                                                  User-Agent: microsoft.windowscommunicationsapps
                                                                                  Accept-Language: en-CH
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: settings.data.microsoft.com
                                                                                  Connection: Keep-Alive
                                                                                  2024-08-27 18:11:18 UTC560INHTTP/1.1 200 OK
                                                                                  Cache-Control: no-cache,no-store
                                                                                  Content-Length: 194
                                                                                  Content-Type: application/json;charset=utf-8
                                                                                  ETag: 163:AE654997ABC9A917
                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Content-Security-Policy: script-src https://settings-sandbox.data.microsoft.com https://settings-ppe.data.microsoft.com https://settings.data.microsoft.com http://onesettings-xbox-rp.com https://settings-win.data.microsoft.com
                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                  Date: Tue, 27 Aug 2024 18:11:17 GMT
                                                                                  Connection: close
                                                                                  2024-08-27 18:11:18 UTC194INData Raw: 7b 22 72 65 66 72 65 73 68 49 6e 74 65 72 76 61 6c 22 3a 22 31 36 33 22 2c 22 71 75 65 72 79 55 72 6c 22 3a 22 2f 73 65 74 74 69 6e 67 73 2f 76 32 2e 30 2f 6f 66 66 69 63 65 2f 6f 6c 78 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 41 4c 4c 4f 57 47 4d 41 49 4c 41 44 44 41 43 43 4f 55 4e 54 22 3a 22 30 22 2c 22 46 4f 52 43 45 47 4d 41 49 4c 48 41 4e 44 42 41 43 4b 22 3a 22 30 22 2c 22 46 4f 52 43 45 47 4d 41 49 4c 48 41 4e 44 4f 46 46 22 3a 22 30 22 2c 22 46 4f 52 43 45 48 41 4e 44 42 41 43 4b 22 3a 22 30 22 2c 22 46 4f 52 43 45 48 41 4e 44 4f 46 46 22 3a 22 31 30 30 22 7d 7d
                                                                                  Data Ascii: {"refreshInterval":"163","queryUrl":"/settings/v2.0/office/olx","settings":{"ALLOWGMAILADDACCOUNT":"0","FORCEGMAILHANDBACK":"0","FORCEGMAILHANDOFF":"0","FORCEHANDBACK":"0","FORCEHANDOFF":"100"}}


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  14192.168.2.164974852.165.165.26443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-08-27 18:11:35 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WOORxlo+RoS5dvA&MD=CHY4tfS9 HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Accept: */*
                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                  Host: slscr.update.microsoft.com
                                                                                  2024-08-27 18:11:35 UTC560INHTTP/1.1 200 OK
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/octet-stream
                                                                                  Expires: -1
                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                  ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                  MS-CorrelationId: 685afd83-44c7-4636-be62-fd42c0d8894a
                                                                                  MS-RequestId: 02d86bc4-c0bc-4465-9f39-548aa67c03cb
                                                                                  MS-CV: zYKMIwxWsU6X/CFd.0
                                                                                  X-Microsoft-SLSClientCache: 1440
                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Date: Tue, 27 Aug 2024 18:11:35 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 30005
                                                                                  2024-08-27 18:11:35 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                  Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                  2024-08-27 18:11:35 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                  Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:0
                                                                                  Start time:14:10:46
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (60).eml"
                                                                                  Imagebase:0x330000
                                                                                  File size:34'446'744 bytes
                                                                                  MD5 hash:91A5292942864110ED734005B7E005C0
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:2
                                                                                  Start time:14:10:47
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6C80195C-4D1F-4CEB-959B-8C0EC38D0691" "1DDA0EF2-0F70-4CFF-A438-4766E64439EC" "7048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                                  Imagebase:0x7ff788a10000
                                                                                  File size:710'048 bytes
                                                                                  MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:12
                                                                                  Start time:14:11:06
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0
                                                                                  Imagebase:0x7ff7f9810000
                                                                                  File size:3'242'272 bytes
                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:13
                                                                                  Start time:14:11:07
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2F6wqiug91378jkogba10sidk.s3-website-us-east-1.amazonaws.com%2F&data=05%7C02%7Crpiotrowski%40santaclaraca.gov%7C0ffe270a4ac84456fa6f08dcc2e91367%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638599553540635927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=8CzIvsuhhoroQ2veFCC4%2FhuvypHDS8eOgNcKDdLwc98%3D&reserved=0
                                                                                  Imagebase:0x7ff7f9810000
                                                                                  File size:3'242'272 bytes
                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:14
                                                                                  Start time:14:11:07
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1752,i,3634399964213929048,15866051322464257806,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                  Imagebase:0x7ff7f9810000
                                                                                  File size:3'242'272 bytes
                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:15
                                                                                  Start time:14:11:07
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1916,i,2109933875426074902,13146506870367632465,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                  Imagebase:0x7ff7f9810000
                                                                                  File size:3'242'272 bytes
                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:17
                                                                                  Start time:14:11:12
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
                                                                                  Imagebase:0x7ff656240000
                                                                                  File size:2'486'784 bytes
                                                                                  MD5 hash:6F8EAC2C377C8F16D91CB5AC8B8DBF5F
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:22
                                                                                  Start time:14:11:16
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
                                                                                  Imagebase:0x7ff72d390000
                                                                                  File size:274'432 bytes
                                                                                  MD5 hash:6FEB00C9A2C3FF66230658B3012BAB6A
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:23
                                                                                  Start time:14:11:21
                                                                                  Start date:27/08/2024
                                                                                  Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" -Embedding
                                                                                  Imagebase:0x330000
                                                                                  File size:34'446'744 bytes
                                                                                  MD5 hash:91A5292942864110ED734005B7E005C0
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Disassembly

                                                                                  No disassembly