Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
(No subject) (61).eml

Overview

General Information

Sample name:(No subject) (61).eml
Analysis ID:1500051
MD5:be99f839a9f7be884aca6148fe909da2
SHA1:e6546325a3e827fbd7646c01c46e803a5da072eb
SHA256:9db3b82853343008944fa8b596364b1116b98c428552fda6b073279cc4fc07cd
Infos:

Detection

HTMLPhisher
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected BlockedWebSite
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6912 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (61).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 4060 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "415CD50A-3286-4708-9E21-1ACF4964AB02" "ED24CD48-F495-4908-A499-5C520B0A7F1B" "6912" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1972,i,3396503775361026336,9902616994921859969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • Acrobat.exe (PID: 4452 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\hbgnj.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 5004 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 7264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2352 --field-trial-handle=1556,i,13234393440631177627,15431578782892992612,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • HxOutlook.exe (PID: 7644 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • HxAccounts.exe (PID: 1840 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • Acrobat.exe (PID: 4224 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" /b /id 2972_1168870213 /if pdfshell_prev00247cc8-fc9c-469d-a24b-5c21c15243a2 /CR MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
1.0.pages.csvJoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security

    Sigma Signatures

    Sigma detected: Office Autorun Keys Modification
    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6912, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
    Sigma detected: Outlook Security Settings Updated - Registry
    Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6912, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    Phishing

    barindex
    Yara detected BlockedWebSite
    Source: Yara matchFile source: 1.0.pages.csv, type: HTML
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49699 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.18:49704 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.18:49706 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:49707 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.18:49708 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.18:49710 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.18:49712 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.18:49713 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.18:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.18:49716 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.18:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.18:49732 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:49739 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.93.21.160:443 -> 192.168.2.18:49746 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 52.182.143.211:443 -> 192.168.2.18:49750 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 52.167.249.196:443 -> 192.168.2.18:49762 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 52.167.249.196:443 -> 192.168.2.18:49763 version: TLS 1.2
    Source: global trafficHTTP traffic detected: GET /ab?clientId=4186BE91-E256-4574-B32D-E3E73E51588C HTTP/1.1X-OfficeApp-BuildVersion: 16.0.11629.20316Accept-Encoding: gzip, deflateX-OfficeApp-Platform: universalX-OfficeApp-Language: en-CHX-OutlookMobile-Architecture: x64X-OutlookMobile-BuildFlavor: shipX-OutlookMobile-Environment: ProductionX-OfficeApp-MsoVersion: 10.0.19045X-OutlookMobile-HxServiceAccounts: NoneContent-Length: 0Content-Encoding: gzipHost: outlookmobile-office365-tas.msedge.netConnection: Keep-AliveCache-Control: no-cache
    Source: global trafficHTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: */*APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAEGllNoC2NeE8qC1/jr3wZi/gAHAzsYDhekwwsGpV7PCGDhup0wOu0I1TfRVFkO5AdsbsvH1ug2mvU231IEVXqN0EeuARU0rO7fu5iu60t5OOaUsnGZ0PFa56TKf7gl2Zf5cJMUOJPhngPF7IOg4yMu+b8izH2E0amOSu9MQnPw+tiajsVEppele/0QUhUI8pLRAtoCaxdKPbzcXE5ucOGhvggfmhMP/ze0yOjvMp4qHGsS6aJwlosGbUI4TZj/d5aQDEB5ExzSwm43/g14m7XpVmNH8Z1HNDgvS9J4UnXjFIEMnxKfXd8RgPr8YUaniPWM8SHQE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1724782736695Host: self.events.data.microsoft.comContent-Length: 8080Connection: Keep-AliveCache-Control: no-cache
    Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
    Source: Joe Sandbox ViewIP Address: 104.47.64.28 104.47.64.28
    Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
    Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
    Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
    Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
    Source: unknownTCP traffic detected without corresponding DNS query: 40.127.240.158
    Source: unknownTCP traffic detected without corresponding DNS query: 40.127.240.158
    Source: unknownTCP traffic detected without corresponding DNS query: 40.127.240.158
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.71
    Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rCdCH473Gw42DEk&MD=dhXPOHoK HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
    Source: global trafficHTTP traffic detected: GET /?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0 HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /Content/Scripts/safelinksv2.css HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /Content/Scripts/site.js HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /Content/images/cross.png HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /Content/Scripts/site.js HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /Content/images/cross.png HTTP/1.1Host: gcc02.safelinks.protection.outlook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /ab?clientId=4186BE91-E256-4574-B32D-E3E73E51588C HTTP/1.1X-OfficeApp-BuildVersion: 16.0.11629.20316Accept-Encoding: gzip, deflateX-OfficeApp-Platform: universalX-OfficeApp-Language: en-CHX-OutlookMobile-Architecture: x64X-OutlookMobile-BuildFlavor: shipX-OutlookMobile-Environment: ProductionX-OfficeApp-MsoVersion: 10.0.19045X-OutlookMobile-HxServiceAccounts: NoneContent-Length: 0Content-Encoding: gzipHost: outlookmobile-office365-tas.msedge.netConnection: Keep-AliveCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /settings/v2.0/office/olx?app=microsoft.windowscommunicationsapps&appVer=16.0.11629.20316&locale=en-CH&os=WINDOWS&osVer=10.0.19045&deviceClass=Windows.Desktop&deviceId=4186BE91-E256-4574-B32D-E3E73E51588C&ring=7 HTTP/1.1Accept: */*User-Agent: microsoft.windowscommunicationsappsAccept-Language: en-CHAccept-Encoding: gzip, deflate, brHost: settings.data.microsoft.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rCdCH473Gw42DEk&MD=dhXPOHoK HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
    Source: global trafficHTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A410900B03DX-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZLvXvXHRTyXvrHjUnJH5Qrh4oXIJGuZYQuuswi3QT5ZTKAfmFht5LCQAFaQJ88Lq9XSYA8sI2CA7klIYMOi1IfFYalXrDvqns688IjaoTSj6/8P4ljHYlU%2BDHztF1g2P8UjYzu0c7KbDhK5v1KiRL29/Xu4tU6diIgMRD%2BQlDI7873luzxaKMVx1lwCeF16IZ9M2woOTKsqMbZkpxvblpHZTBcYdU7iqiVlktSsosrWAovIn9G81aZ%2Baa6ujS8r9LDAPAhRXPpzXw%2BeLEwnnpZf7mjZcFfwiBIsMkB5OcgA8FZESF97w9qU19qOv8WafkkCjVz0GQJNKvsp021IbroQZgAAEPVbzBeUov08oognOxMStSOwAVb7vC7PJUF%2Bhyz5AN8TEmojrzG/ISHxawiXlAPRGIengjobekwG2Uk1FyMRSWjsaDonVpmcTJTqifZ%2BNeTGxcodck93%2BnLCeNBamZScnXtH6vGRLqJW%2BgCdIzY2c6qel5FNqXnSNsHagioNfAGiNondmb/2YnDSRTX7bsqERGq69jN0wZtPq3faefejUmP2kl%2BCki%2Bblw5ufG/R1jmR/%2B9Nl8RAdooBjjuTN%2Bm7u1QFIRZPARXNm8O5iRJVyC1blPCkg4gc0vB6Wwdh8C5l8%2BBc/0E%2BqrkvHLSz9YKuWMvNq8FJj4Cm4T66nPIBpTMVHbk0npiKA3sWu9sKwJ5QEPxJwbdkCaKFqLkXtMBM9UgAl7IX2rM6/DB/UOJwOg0YMRxElIAJvk0jtnEFkSQDdv13tz84F7AIeFR3AvUXCCb9FSZEREwzlO3cq7/qxYtvm6lXeLsO%2BkvXQ1XlpOVsw/tujCH676/Q3FJPDqQFRYdxt%2BRMD5YJnYE%2Bd7Lgfag691gUDFZDUK1gGm2h85fIS2pglNNsMg107F9AIv763O8%2By5Lp170LbJon635vuUaCodcB%26p%3DX-Agent-DeviceId: 01000A410900B03DX-BM-CBT: 1724782551User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 4C3818340B074C0783E5863BB529B949X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C
    Source: (No subject) (61).emlString found in binary or memory: 2.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.linkedin.com%2F= equals www.linkedin.com (Linkedin)
    Source: (No subject) (61).emlString found in binary or memory: 2.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.youtube.com%2F%= equals www.youtube.com (Youtube)
    Source: (No subject) (61).emlString found in binary or memory: =3D"https://www.linkedin.com/company/lucent-innovation/" shash=3D"NjG0K/dfe= equals www.linkedin.com (Linkedin)
    Source: (No subject) (61).emlString found in binary or memory: ttps://www.youtube.com/@lucentinnovation" shash=3D"Ga4EoraAyGbSAR444dRqH4xo= equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: gcc02.safelinks.protection.outlook.com
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
    Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.25.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
    Source: 77EC63BDA74BD0D0E0426DC8F80085060.25.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: http://weather.service.msn.com/data.aspx
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
    Source: (No subject) (61).emlString found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://analysis.windows.net/powerbi/api
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.aadrm.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.aadrm.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.addins.store.office.com/app/query
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.cortana.ai
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.diagnostics.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.diagnosticssdf.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.microsoftstream.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.microsoftstream.com/api/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.office.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.onedrive.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://api.scheduler.
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://apis.live.net/v5.0/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://app.powerbi.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://arc.msn.com/v4/api/selection
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://augloop.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://augloop.office.com/v2
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://autodiscover-s.outlook.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://canary.designerapp.
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.designerapp.osi.office.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.entity.
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
    Source: (No subject) (61).emlString found in binary or memory: https://cdn.s=
    Source: (No subject) (61).emlString found in binary or memory: https://cdn.sho=
    Source: (No subject) (61).emlString found in binary or memory: https://cdn.shopify.com/s/files/1/1905/9639/f=
    Source: (No subject) (61).emlString found in binary or memory: https://cdn.shopify.com/s/files/1/1905/9639/files/linkedin_38485de5-6c0=
    Source: (No subject) (61).emlString found in binary or memory: https://cdn.shopify.com/s/files/1/1905/9639/files/logo-luce=
    Source: (No subject) (61).emlString found in binary or memory: https://cdn.shopify.com/s/files/1/1905/9639/files=
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://clients.config.office.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://clients.config.office.net/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://config.edge.skype.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cortana.ai
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cortana.ai/api
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://cr.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://d.docs.live.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://dataservice.o365filtering.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://dataservice.o365filtering.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://designerapp.azurewebsites.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://dev.cortana.ai
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://devnull.onenote.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://directory.services.
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ecs.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ecs.office.com/config/v2/Office
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://edge.skype.com/registrar/prod
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://edge.skype.com/rps
    Source: (No subject) (61).emlString found in binary or memory: https://emp.eduyield.com/el?aid=3D2wu0dda0e6c-1865-11e=
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://entitlement.diagnostics.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
    Source: (No subject) (61).emlString found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2=
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://globaldisco.crm.dynamics.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://graph.ppe.windows.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://graph.ppe.windows.net/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://graph.windows.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://graph.windows.net/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ic3.teams.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://incidents.diagnostics.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://inclient.store.office.com/gyro/client
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://invites.office.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://lifecycle.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://login.microsoftonline.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://login.microsoftonline.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://login.microsoftonline.com/organizations
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://login.windows.local
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://make.powerautomate.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://management.azure.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://management.azure.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messaging.action.office.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messaging.engagement.office.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messaging.lifecycle.office.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://messaging.office.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://my.microsoftpersonalcontent.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ncus.contentsync.
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ncus.pagecontentsync.
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://officeapps.live.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://officeci.azurewebsites.net/api/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://officepyservice.office.net/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://officepyservice.office.net/service.functionality
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://onedrive.live.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://onedrive.live.com/embed?
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://otelrules.azureedge.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://otelrules.svc.static.microsoft
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://outlook.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://outlook.office.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://outlook.office365.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://outlook.office365.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://outlook.office365.com/connectors
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://pages.store.office.com/review/query
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://powerlift.acompli.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://pushchannel.1drv.ms
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://res.cdn.office.net
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://res.cdn.office.net/polymer/models
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://service.powerapps.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://settings.outlook.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://shell.suite.office.com:1443
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://skyapi.live.net/Activity/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://staging.cortana.ai
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://store.office.cn/addinstemplate
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://store.office.de/addinstemplate
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://substrate.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://tasks.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://templatesmetadata.office.net/
    Source: (No subject) (61).emlString found in binary or memory: https://twitter.com/l=
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://web.microsoftstream.com/video/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://webshell.suite.office.com
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://wus2.contentsync.
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://wus2.pagecontentsync.
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
    Source: hbgnj.pdf.0.dr, hbgnj (002).pdf.0.dr, olk2C5.tmp.0.drString found in binary or memory: https://www.dynaforms.com
    Source: (No subject) (61).emlString found in binary or memory: https://www.linkedin.com/company/lucent-innovation/
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://www.odwebp.svc.ms
    Source: A74F9330-EF48-47B4-9B70-118016E011F4.15.drString found in binary or memory: https://www.yammer.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49699 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.18:49704 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.18:49706 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:49707 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.18:49708 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.18:49710 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.18:49712 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.18:49713 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.18:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.18:49716 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.18:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.18:49732 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:49739 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.93.21.160:443 -> 192.168.2.18:49746 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 52.182.143.211:443 -> 192.168.2.18:49750 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 52.167.249.196:443 -> 192.168.2.18:49762 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 52.167.249.196:443 -> 192.168.2.18:49763 version: TLS 1.2
    Source: classification engineClassification label: mal48.phis.winEML@41/52@6/6
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1414170852-6912.etlJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (61).eml"
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "415CD50A-3286-4708-9E21-1ACF4964AB02" "ED24CD48-F495-4908-A499-5C520B0A7F1B" "6912" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1972,i,3396503775361026336,9902616994921859969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
    Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
    Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" /b /id 2972_1168870213 /if pdfshell_prev00247cc8-fc9c-469d-a24b-5c21c15243a2 /CR
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\hbgnj.pdf"
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2352 --field-trial-handle=1556,i,13234393440631177627,15431578782892992612,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "415CD50A-3286-4708-9E21-1ACF4964AB02" "ED24CD48-F495-4908-A499-5C520B0A7F1B" "6912" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0Jump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\hbgnj.pdf"Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1972,i,3396503775361026336,9902616994921859969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2352 --field-trial-handle=1556,i,13234393440631177627,15431578782892992612,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: microsoft.applications.telemetry.windows.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msoimm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso40uiimm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso30imm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso20imm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.core.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.word.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vccorlib140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_1_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msvcp140_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: vcruntime140_1_app.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso98imm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mso50imm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.model.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.applicationdata.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxcomm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.applicationmodel.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.globalization.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: bcp47mrm.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositorycore.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.connectivity.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.hostname.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.energy.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rmclient.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rometadata.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.view.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxshared.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.viewmodel.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: clipc.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.resources.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dcomp.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowmanagementapi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: inputhost.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxgi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: resourcepolicyclient.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mrmcorer.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d11.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryclient.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d10warp.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxcore.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d2d1.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwrite.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelproxy.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uiamanager.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.core.textinput.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.immersive.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dataexchange.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profext.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hx.mail.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: threadpoolwinrt.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.graphics.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxcalendar.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.remotedesktop.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.controls.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.systemid.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: directmanipulation.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.retailinfo.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msxml6.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winrttracing.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowscodecs.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: photometadatahandler.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ploptin.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: webservices.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataaccountapis.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.accountscontrol.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: xmllite.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: accountsrt.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: aphostclient.dllJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: apphelp.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.model.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: microsoft.applications.telemetry.windows.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso30imm.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_1_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_1_app.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coremessaging.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47langs.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: iertutil.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dcomp.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: twinapi.appcore.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wintypes.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositorycore.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowmanagementapi.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textinputframework.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: inputhost.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: propsys.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: ntmarta.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uxtheme.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: urlmon.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: srvcli.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: netutils.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxgi.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: resourcepolicyclient.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: office.ui.xaml.hxaccounts.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d11.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.applicationdata.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d10warp.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxcore.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d2d1.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxcomm.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptsp.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dwrite.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.applicationmodel.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textshaping.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.globalization.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47mrm.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profapi.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.connectivity.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.hostname.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.energy.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rmclient.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wldp.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rometadata.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mrmcorer.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositoryclient.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.shell.servicehostbuilder.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: execmodelproxy.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uiamanager.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.core.textinput.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.immersive.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dataexchange.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptbase.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.accountscontrol.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: xmllite.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.security.authentication.web.core.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vaultcli.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.controls.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: directmanipulation.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: userenv.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profext.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: winrttracing.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.resources.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msftedit.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: globinputhost.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowscodecs.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.graphics.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wuceffects.dll
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: threadpoolwinrt.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
    Source: Google Drive.lnk.13.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: YouTube.lnk.13.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Sheets.lnk.13.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Gmail.lnk.13.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Slides.lnk.13.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Docs.lnk.13.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow detected: Number of UI elements: 16
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformationJump to behavior
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    DLL Side-Loading    		1
    Process Injection    		1
    Masquerading    		OS Credential Dumping1
    Query Registry    		Remote ServicesData from Local System1
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/Job1
    Registry Run Keys / Startup Folder    		1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory1
    Process Discovery    		Remote Desktop ProtocolData from Removable Media3
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
    Registry Run Keys / Startup Folder    		1
    DLL Side-Loading    		Security Account Manager1
    File and Directory Discovery    		SMB/Windows Admin SharesData from Network Shared Drive4
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS14
    System Information Discovery    		Distributed Component Object ModelInput Capture1
    Ingress Tool Transfer    		Traffic DuplicationData Destruction

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1500051 Sample: (No subject) (61).eml Startdate: 27/08/2024 Architecture: WINDOWS Score: 48 42 Yara detected BlockedWebSite 2->42 8 OUTLOOK.EXE 514 153 2->8         started        10 HxOutlook.exe 62 18 2->10         started        12 HxAccounts.exe 2->12         started        14 Acrobat.exe 2->14         started        process3 process4 16 chrome.exe 9 8->16         started        19 Acrobat.exe 8->19         started        21 ai.exe 8->21         started        dnsIp5 30 192.168.2.16 unknown unknown 16->30 32 192.168.2.18, 137, 138, 443 unknown unknown 16->32 34 2 other IPs or domains 16->34 23 chrome.exe 16->23         started        26 AcroCEF.exe 19->26         started        process6 dnsIp7 36 gcc02.safelinks.eop-tm2.outlook.com 104.47.64.28, 443, 49720, 49721 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 23->36 38 www.google.com 142.250.185.132, 443, 49728, 49744 GOOGLEUS United States 23->38 40 gcc02.safelinks.protection.outlook.com 23->40 28 AcroCEF.exe 26->28         started        process8

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    No Antivirus matches

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://api.diagnosticssdf.office.com0%URL Reputationsafe
    https://login.microsoftonline.com/0%URL Reputationsafe
    https://shell.suite.office.com:14430%URL Reputationsafe
    https://designerapp.azurewebsites.net0%URL Reputationsafe
    https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0%URL Reputationsafe
    https://autodiscover-s.outlook.com/0%URL Reputationsafe
    https://useraudit.o365auditrealtimeingestion.manage.office.com0%URL Reputationsafe
    https://outlook.office365.com/connectors0%URL Reputationsafe
    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%URL Reputationsafe
    https://cdn.entity.0%URL Reputationsafe
    https://api.addins.omex.office.net/appinfo/query0%URL Reputationsafe
    https://clients.config.office.net/user/v1.0/tenantassociationkey0%URL Reputationsafe
    https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%URL Reputationsafe
    https://powerlift.acompli.net0%URL Reputationsafe
    https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
    https://lookup.onenote.com/lookup/geolocation/v10%URL Reputationsafe
    https://cortana.ai0%URL Reputationsafe
    https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
    https://cloudfiles.onenote.com/upload.aspx0%URL Reputationsafe
    https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
    https://entitlement.diagnosticssdf.office.com0%URL Reputationsafe
    https://api.aadrm.com/0%URL Reputationsafe
    https://ofcrecsvcapi-int.azurewebsites.net/0%URL Reputationsafe
    https://canary.designerapp.0%URL Reputationsafe
    https://ic3.teams.office.com0%URL Reputationsafe
    https://www.yammer.com0%URL Reputationsafe
    https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%URL Reputationsafe
    https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0%URL Reputationsafe
    https://cr.office.com0%URL Reputationsafe
    https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
    https://otelrules.svc.static.microsoft0%URL Reputationsafe
    https://portal.office.com/account/?ref=ClientMeControl0%URL Reputationsafe
    https://clients.config.office.net/c2r/v1.0/DeltaAdvisory0%URL Reputationsafe
    https://edge.skype.com/registrar/prod0%URL Reputationsafe
    https://graph.ppe.windows.net0%URL Reputationsafe
    https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
    https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
    https://tasks.office.com0%URL Reputationsafe
    https://officeci.azurewebsites.net/api/0%URL Reputationsafe
    https://sr.outlook.office.net/ws/speech/recognize/assistant/work0%URL Reputationsafe
    https://api.scheduler.0%URL Reputationsafe
    https://store.office.cn/addinstemplate0%URL Reputationsafe
    https://api.aadrm.com0%URL Reputationsafe
    https://edge.skype.com/rps0%URL Reputationsafe
    https://globaldisco.crm.dynamics.com0%URL Reputationsafe
    https://messaging.engagement.office.com/0%URL Reputationsafe
    https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
    https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
    https://www.odwebp.svc.ms0%URL Reputationsafe
    https://api.diagnosticssdf.office.com/v2/feedback0%URL Reputationsafe
    https://api.powerbi.com/v1.0/myorg/groups0%URL Reputationsafe
    https://web.microsoftstream.com/video/0%URL Reputationsafe
    https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
    https://graph.windows.net0%URL Reputationsafe
    https://dataservice.o365filtering.com/0%URL Reputationsafe
    https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
    https://cdn.sho=0%Avira URL Cloudsafe
    https://www.linkedin.com/company/lucent-innovation/0%Avira URL Cloudsafe
    https://analysis.windows.net/powerbi/api0%URL Reputationsafe
    https://aka.ms/LearnAboutSenderIdentification0%URL Reputationsafe
    https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
    https://substrate.office.com0%URL Reputationsafe
    https://outlook.office365.com/autodiscover/autodiscover.json0%URL Reputationsafe
    https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios0%URL Reputationsafe
    https://consent.config.office.com/consentcheckin/v1.0/consents0%URL Reputationsafe
    https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
    https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%URL Reputationsafe
    https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%URL Reputationsafe
    https://safelinks.protection.outlook.com/api/GetPolicy0%URL Reputationsafe
    https://ncus.contentsync.0%URL Reputationsafe
    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%URL Reputationsafe
    http://weather.service.msn.com/data.aspx0%URL Reputationsafe
    https://apis.live.net/v5.0/0%URL Reputationsafe
    https://officepyservice.office.net/service.functionality0%URL Reputationsafe
    https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks0%URL Reputationsafe
    https://templatesmetadata.office.net/0%URL Reputationsafe
    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%URL Reputationsafe
    https://messaging.lifecycle.office.com/0%URL Reputationsafe
    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%URL Reputationsafe
    https://pushchannel.1drv.ms0%URL Reputationsafe
    https://management.azure.com0%URL Reputationsafe
    https://cdn.shopify.com/s/files/1/1905/9639/f=0%Avira URL Cloudsafe
    https://outlook.office365.com0%URL Reputationsafe
    https://api.microsoftstream.com/api/0%Avira URL Cloudsafe
    https://wus2.contentsync.0%URL Reputationsafe
    https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h0%Avira URL Cloudsafe
    https://incidents.diagnostics.office.com0%URL Reputationsafe
    https://clients.config.office.net/user/v1.0/ios0%URL Reputationsafe
    https://make.powerautomate.com0%URL Reputationsafe
    https://api.addins.omex.office.net/api/addins/search0%URL Reputationsafe
    https://my.microsoftpersonalcontent.com0%Avira URL Cloudsafe
    https://www.dynaforms.com0%Avira URL Cloudsafe
    https://cdn.shopify.com/s/files/1/1905/9639/files/logo-luce=0%Avira URL Cloudsafe
    https://emp.eduyield.com/el?aid=3D2wu0dda0e6c-1865-11e=0%Avira URL Cloudsafe
    https://outlook.office.com/autosuggest/api/v1/init?cvid=0%Avira URL Cloudsafe
    https://gcc02.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css0%Avira URL Cloudsafe
    https://d.docs.live.net0%Avira URL Cloudsafe
    https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false0%Avira URL Cloudsafe
    https://gcc02.safelinks.protection.outlook.com/Content/Scripts/site.js0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    gcc02.safelinks.eop-tm2.outlook.com
    		104.47.64.28
    		truefalse
      		unknown
      www.google.com
      		142.250.185.132
      		truefalse
        		unknown
        gcc02.safelinks.protection.outlook.com
        		unknown
        		unknownfalse
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0false
            		unknown
            https://gcc02.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.cssfalse
            • Avira URL Cloud: safe
            		unknown
            https://gcc02.safelinks.protection.outlook.com/Content/Scripts/site.jsfalse
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://api.diagnosticssdf.office.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://www.linkedin.com/company/lucent-innovation/(No subject) (61).emlfalse
            • Avira URL Cloud: safe
            		unknown
            https://login.microsoftonline.com/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://shell.suite.office.com:1443A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://designerapp.azurewebsites.netA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorizeA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://autodiscover-s.outlook.com/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://useraudit.o365auditrealtimeingestion.manage.office.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://outlook.office365.com/connectorsA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://cdn.entity.A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://api.addins.omex.office.net/appinfo/queryA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://clients.config.office.net/user/v1.0/tenantassociationkeyA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://powerlift.acompli.netA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://cdn.sho=(No subject) (61).emlfalse
            • Avira URL Cloud: safe
            		unknown
            https://rpsticket.partnerservices.getmicrosoftkey.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://lookup.onenote.com/lookup/geolocation/v1A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://cortana.aiA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://cloudfiles.onenote.com/upload.aspxA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://entitlement.diagnosticssdf.office.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://api.aadrm.com/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://ofcrecsvcapi-int.azurewebsites.net/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://canary.designerapp.A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://ic3.teams.office.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://www.yammer.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://api.microsoftstream.com/api/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://cdn.shopify.com/s/files/1/1905/9639/f=(No subject) (61).emlfalse
            • Avira URL Cloud: safe
            		unknown
            https://cr.office.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;hA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://messagebroker.mobile.m365.svc.cloud.microsoftA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://otelrules.svc.static.microsoftA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://portal.office.com/account/?ref=ClientMeControlA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://clients.config.office.net/c2r/v1.0/DeltaAdvisoryA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://edge.skype.com/registrar/prodA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://graph.ppe.windows.netA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://res.getmicrosoftkey.com/api/redemptioneventsA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://powerlift-frontdesk.acompli.netA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://tasks.office.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://officeci.azurewebsites.net/api/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://sr.outlook.office.net/ws/speech/recognize/assistant/workA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://www.dynaforms.comhbgnj.pdf.0.dr, hbgnj (002).pdf.0.dr, olk2C5.tmp.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://api.scheduler.A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://my.microsoftpersonalcontent.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://store.office.cn/addinstemplateA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://api.aadrm.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://cdn.shopify.com/s/files/1/1905/9639/files/logo-luce=(No subject) (61).emlfalse
            • Avira URL Cloud: safe
            		unknown
            https://edge.skype.com/rpsA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://outlook.office.com/autosuggest/api/v1/init?cvid=A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://emp.eduyield.com/el?aid=3D2wu0dda0e6c-1865-11e=(No subject) (61).emlfalse
            • Avira URL Cloud: safe
            		unknown
            https://globaldisco.crm.dynamics.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://messaging.engagement.office.com/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://dev0-api.acompli.net/autodetectA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://www.odwebp.svc.msA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://api.diagnosticssdf.office.com/v2/feedbackA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://api.powerbi.com/v1.0/myorg/groupsA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://web.microsoftstream.com/video/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://api.addins.store.officeppe.com/addinstemplateA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://graph.windows.netA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://dataservice.o365filtering.com/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://officesetup.getmicrosoftkey.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://analysis.windows.net/powerbi/apiA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://aka.ms/LearnAboutSenderIdentification(No subject) (61).emlfalse
            • URL Reputation: safe
            		unknown
            https://prod-global-autodetect.acompli.net/autodetectA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://substrate.office.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://outlook.office365.com/autodiscover/autodiscover.jsonA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://consent.config.office.com/consentcheckin/v1.0/consentsA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://d.docs.live.netA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://safelinks.protection.outlook.com/api/GetPolicyA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://ncus.contentsync.A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            http://weather.service.msn.com/data.aspxA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://apis.live.net/v5.0/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://officepyservice.office.net/service.functionalityA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://templatesmetadata.office.net/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://messaging.lifecycle.office.com/A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://pushchannel.1drv.msA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://management.azure.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://outlook.office365.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://wus2.contentsync.A74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://incidents.diagnostics.office.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://clients.config.office.net/user/v1.0/iosA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://make.powerautomate.comA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown
            https://api.addins.omex.office.net/api/addins/searchA74F9330-EF48-47B4-9B70-118016E011F4.15.drfalse
            • URL Reputation: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            142.250.185.132
            		www.google.comUnited States
            		15169GOOGLEUSfalse
            239.255.255.250
            		unknownReserved
            		unknownunknownfalse
            104.47.64.28
            		gcc02.safelinks.eop-tm2.outlook.comUnited States
            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

            Private

            IP
            192.168.2.16
            192.168.2.18
            192.168.2.4

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1500051
            Start date and time:2024-08-27 20:13:37 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 12m 6s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:32
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Sample name:(No subject) (61).eml
            Detection:MAL
            Classification:mal48.phis.winEML@41/52@6/6
            Cookbook Comments:
            • Found application associated with file extension: .eml

            Warnings

            • Max analysis timeout: 600s exceeded, the analysis took too long
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, HxTsr.exe, prevhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.28.47, 2.19.126.160, 2.19.126.151, 93.184.221.240, 20.42.65.93, 64.233.184.84, 74.125.136.100, 74.125.136.102, 74.125.136.138, 74.125.136.101, 74.125.136.139, 74.125.136.113, 142.250.184.195, 34.104.35.123, 52.109.32.97, 13.107.42.16, 52.109.68.130, 23.221.240.182, 34.193.227.236, 107.22.247.231, 18.207.85.246, 54.144.73.197, 2.19.126.143, 2.19.126.149, 172.64.41.3, 162.159.61.3, 88.221.168.141, 95.101.54.195, 2.16.202.123, 23.215.55.143, 23.215.55.140, 74.125.138.94, 23.215.0.36, 23.215.0.48, 172.217.18.14, 34.250.67.152, 54.195.71.107, 54.194.243.238
            • Excluded domains from analysis (whitelisted): odc.officeapps.live.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, mobile.events.data.microsoft.com, a1952.dscq.akamai.net, clients2.google.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, l-0007.l-msedge.net, wu-b-net.trafficmanager.net, apps.identrust.com, a1864.dscd.akamai.net, www.bing.com, ecs.office.com, identrust.edgesuite.net, acroipm2.adobe.com.edgesuite.net, frc-azsc-000.odc.officeapps.live.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, ssl.adobe.com.edgekey.net, uks-azsc-000.roaming.officeapps.live.com, outlookmobile-office365-tas.msedge.net, edgedl.me.gvt1.com, s-0005.s-msedge.net, osiprod-frc-bronze-azsc-000.francecentral.cloudapp.azure.com, settings.data.microsoft.com, ecs.office.trafficmanager.net, cli
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtCreateFile calls found.
            • Report size getting too big, too many NtOpenKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryAttributesFile calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.
            • Report size getting too big, too many NtSetValueKey calls found.
            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • VT rate limit hit for: (No subject) (61).eml

            Simulations

            Behavior and APIs

            TimeTypeDescription
            14:15:08API Interceptor2x Sleep call for process: AcroCEF.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            239.255.255.250nested-ConsultTrustNorth-payment Requisition #42 3L# 1414 18 Dock.pdf..emlGet hashmaliciousUnknownBrowse
              https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bKGet hashmaliciousUnknownBrowse
                httpsworker-nameless-haze-86e5.berwieberwieberwieberwieberwie.workers.deveba=.htmGet hashmaliciousHTMLPhisherBrowse
                  https://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                    (No subject) (60).emlGet hashmaliciousHTMLPhisherBrowse
                      Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                        (No subject) (59).emlGet hashmaliciousHTMLPhisherBrowse
                          https://12dec6c2-3c78-e425-b87e-b20197f5da10.powerappsportals.com/Get hashmaliciousUnknownBrowse
                            http://email.e.quickshipping.com/c/eJxszLFSxCAQgOGnId1lYHchWFDY5D042JOdXGJkg45v72ht-88_X03gYiw8cXILUIjBeze1RKEwBLTBu5CDj2gBGWPMD-I7P9wkCSyQjRCcRwKcq1uWSEzW40spdTFkef4YUjZtcp5yvM3lfZ-eqV3XqQZfDawG1jtv0ud8ZeUmfc8b99_PwPp13uQoz1FZDaydq3QulwHUPatmQ3a079vQP7an_-pngp8AAAD__zWIRVUGet hashmaliciousUnknownBrowse
                              https://t.co/CFNobJuJq9Get hashmaliciousHTMLPhisherBrowse
                                104.47.64.28(No subject) (60).emlGet hashmaliciousHTMLPhisherBrowse
                                  (No subject) (53).emlGet hashmaliciousUnknownBrowse
                                    https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0%3d&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0%3D&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                      https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0=&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0=&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                        (No subject) (48).emlGet hashmaliciousUnknownBrowse
                                          (No subject) (45).emlGet hashmaliciousUnknownBrowse
                                            (No subject) (44).emlGet hashmaliciousUnknownBrowse
                                              (No subject) (33).emlGet hashmaliciousUnknownBrowse
                                                (No subject) (29).emlGet hashmaliciousHTMLPhisherBrowse
                                                  (No subject) (24).emlGet hashmaliciousHTMLPhisherBrowse

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    gcc02.safelinks.eop-tm2.outlook.com(No subject) (60).emlGet hashmaliciousHTMLPhisherBrowse
                                                    • 104.47.64.28
                                                    (No subject) (53).emlGet hashmaliciousUnknownBrowse
                                                    • 104.47.65.28
                                                    (No subject) (50).emlGet hashmaliciousUnknownBrowse
                                                    • 104.47.65.28
                                                    https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0%3d&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0%3D&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                                    • 104.47.65.28
                                                    https://naatsihwp-my.sharepoint.com/:w:/g/personal/jodie_naatsihwp_org_au/Edt9QgU4WchFkzsysfjUqRYBtCY1xbWi-QqcZStxuCuHSA?e=VULAwM&xsdata=MDV8MDJ8amVubmlmZXIuYm9uaG9tZUBiaWEuZ292fDhhNDUwMWUzYjFlZDQ2Y2VhZjM4MDhkY2I3YjgxMGFifDA2OTNiNWJhNGIxODRkN2I5MzQxZjMyZjQwMGE1NDk0fDB8MHw2Mzg1ODcyNDg0NTg5OTY3NzN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDYwMDAwfHx8&sdata=dnVxOEVGZEZPSGZxOXA2VTg5cjVhdzRjbnZ4bi9EZ1ExMmRQMDhGc1dBST0=&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc2MjguMjAxODgiLCAiT1MiIDogIldpbmRvd3MiIH0=&CT=1723128099484&OR=Outlook-Body&CID=105B1456-7270-4DC7-9A69-06C4F6528AF5&wdLOR=cB591A482-0A5C-483B-995F-86112B427CD5Get hashmaliciousHTMLPhisherBrowse
                                                    • 104.47.64.28
                                                    (No subject) (48).emlGet hashmaliciousUnknownBrowse
                                                    • 104.47.64.28
                                                    (No subject) (45).emlGet hashmaliciousUnknownBrowse
                                                    • 104.47.64.28
                                                    (No subject) (44).emlGet hashmaliciousUnknownBrowse
                                                    • 104.47.64.28
                                                    (No subject) (43).emlGet hashmaliciousUnknownBrowse
                                                    • 104.47.65.28
                                                    (No subject) (39).emlGet hashmaliciousUnknownBrowse
                                                    • 104.47.65.28

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    MICROSOFT-CORP-MSN-AS-BLOCKUSnested-ConsultTrustNorth-payment Requisition #42 3L# 1414 18 Dock.pdf..emlGet hashmaliciousUnknownBrowse
                                                    • 52.98.242.242
                                                    https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bKGet hashmaliciousUnknownBrowse
                                                    • 40.99.150.18
                                                    https://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                                                    • 150.171.28.10
                                                    (No subject) (60).emlGet hashmaliciousHTMLPhisherBrowse
                                                    • 104.47.65.28
                                                    Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                                                    • 52.98.171.226
                                                    https://12dec6c2-3c78-e425-b87e-b20197f5da10.powerappsportals.com/Get hashmaliciousUnknownBrowse
                                                    • 20.119.128.8
                                                    http://email.e.quickshipping.com/c/eJxszLFSxCAQgOGnId1lYHchWFDY5D042JOdXGJkg45v72ht-88_X03gYiw8cXILUIjBeze1RKEwBLTBu5CDj2gBGWPMD-I7P9wkCSyQjRCcRwKcq1uWSEzW40spdTFkef4YUjZtcp5yvM3lfZ-eqV3XqQZfDawG1jtv0ud8ZeUmfc8b99_PwPp13uQoz1FZDaydq3QulwHUPatmQ3a079vQP7an_-pngp8AAAD__zWIRVUGet hashmaliciousUnknownBrowse
                                                    • 23.101.158.41
                                                    http://esc-dot-wind-blade-416540.uk.r.appspot.comGet hashmaliciousHTMLPhisherBrowse
                                                    • 52.98.179.50
                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                    • 13.107.246.57
                                                    file.exeGet hashmaliciousUnknownBrowse
                                                    • 52.123.240.23

                                                    JA3 Fingerprints

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    28a2c9bd18a11de089ef85a160da29e4nested-ConsultTrustNorth-payment Requisition #42 3L# 1414 18 Dock.pdf..emlGet hashmaliciousUnknownBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    https://netorgft13995914-my.sharepoint.com/:f:/g/personal/joshg_tekton-builder_com1/Em3c3_jzJWtIg7W_bMwKbCgB2tM26D8KPHUEkttYIezrMg?e=3Aq2bKGet hashmaliciousUnknownBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    httpsworker-nameless-haze-86e5.berwieberwieberwieberwieberwie.workers.deveba=.htmGet hashmaliciousHTMLPhisherBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    https://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    (No subject) (60).emlGet hashmaliciousHTMLPhisherBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    doc1.exeGet hashmaliciousClipboard Hijacker, Snake KeyloggerBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    (No subject) (59).emlGet hashmaliciousHTMLPhisherBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    http://email.e.quickshipping.com/c/eJxszLFSxCAQgOGnId1lYHchWFDY5D042JOdXGJkg45v72ht-88_X03gYiw8cXILUIjBeze1RKEwBLTBu5CDj2gBGWPMD-I7P9wkCSyQjRCcRwKcq1uWSEzW40spdTFkef4YUjZtcp5yvM3lfZ-eqV3XqQZfDawG1jtv0ud8ZeUmfc8b99_PwPp13uQoz1FZDaydq3QulwHUPatmQ3a079vQP7an_-pngp8AAAD__zWIRVUGet hashmaliciousUnknownBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    https://t.co/CFNobJuJq9Get hashmaliciousHTMLPhisherBrowse
                                                    • 40.127.169.103
                                                    • 52.167.249.196
                                                    • 20.190.159.71
                                                    • 51.104.136.2
                                                    • 40.127.240.158
                                                    6271f898ce5be7dd52b0fc260d0662b3(No subject) (60).emlGet hashmaliciousHTMLPhisherBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    Madisonwellsmedia546.pdfGet hashmaliciousUnknownBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    RFQ No. 109078906.xla.xlsxGet hashmaliciousUnknownBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    Pago pendientes.xlsGet hashmaliciousHTMLPhisherBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    https://steamcommunityj.com/giftcarts/actlvation/feor38565Drgs18Get hashmaliciousUnknownBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    https://github.com/massgravel/Microsoft-Activation-ScriptsGet hashmaliciousUnknownBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    http://o62arw.dsjpropertymanagementllc.comGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    SecuriteInfo.com.Win32.Evo-gen.32510.30631.exeGet hashmaliciousGhostRat, Nitol, RamnitBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    Produccion.exeGet hashmaliciousGuLoaderBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    validacao_residencia_subsidio_mobilidade_porto_santo - renovacao.exeGet hashmaliciousGuLoaderBrowse
                                                    • 13.107.5.88
                                                    • 20.44.239.154
                                                    • 104.93.21.160
                                                    a0e9f5d64349fb13191bc781f81f42e1https://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                                                    • 52.182.143.211
                                                    file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                    • 52.182.143.211
                                                    file.exeGet hashmaliciousLummaC, VidarBrowse
                                                    • 52.182.143.211
                                                    1YC268KfwD.exeGet hashmaliciousLummaCBrowse
                                                    • 52.182.143.211
                                                    PqyFc2vziL.exeGet hashmaliciousLummaCBrowse
                                                    • 52.182.143.211
                                                    egaAfKJAg6.exeGet hashmaliciousLummaCBrowse
                                                    • 52.182.143.211
                                                    3E4lHODAzI.exeGet hashmaliciousLummaCBrowse
                                                    • 52.182.143.211
                                                    XM7drU6O3G.exeGet hashmaliciousLummaCBrowse
                                                    • 52.182.143.211
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 52.182.143.211
                                                    RFQ No. 109078906.xla.xlsxGet hashmaliciousUnknownBrowse
                                                    • 52.182.143.211

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827181458Z-166.bmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PC bitmap, Windows 3.x format, 119 x -152 x 32, cbSize 72406, bits offset 54
                                                    Category:dropped
                                                    Size (bytes):72406
                                                    Entropy (8bit):0.08512285737187829
                                                    Encrypted:false
                                                    SSDEEP:12:zstOmRat3at1xaXRatbat3alafFCa1jadaERaeaQRamRaob:zsF8tqtDht+tqAPsYE8FQRlRP
                                                    MD5:73B7997FBA14F7ECFBC43AC5A4F9D9EA
                                                    SHA1:38C7A578ED23B7C2B66CDD991809D2E7D0E46240
                                                    SHA-256:E25132C776014E17A715FCF4F7EE4720AA832F368666257FDB89E93D02AB285F
                                                    SHA-512:93C586A26A8D49138C3F06829C7494E7F51E8235CDF348D43CDBA179B6B7E295784729C92767E9214E02AEC0D4BFBDAEED124E9FE0D53272B637C3DBB43F6AD0
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:BM........6...(...w...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                    Category:dropped
                                                    Size (bytes):86016
                                                    Entropy (8bit):4.445205161674364
                                                    Encrypted:false
                                                    SSDEEP:384:yeUci5tziBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:8As3OazzU89UTTgUL
                                                    MD5:0FEAE2252A9064DF266DD8FFF2D57E2A
                                                    SHA1:B030CAE075F8DD07DF522B4E57FB284BE11F81C0
                                                    SHA-256:87D8DB6567724EDA30A1A3CCB5514F902765F3FD5FC447F30F546D64D8880AAD
                                                    SHA-512:CA2C6A80163B7DA0146EF7E69AD74AD49E173FAD9EE28426791D643EC42698D98650150DEA2B4F4B21A00CE4DC0FCCCF5366CA60823F8C5D37DF644BA60B768A
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):8720
                                                    Entropy (8bit):3.775831183832183
                                                    Encrypted:false
                                                    SSDEEP:48:7Mk9p/E2ioyV7YioyioWoy1CPoy1e7KOioy1noy1AYoy1Wioy1hioybioyQNoy1q:7hpju7Yo4xXKQPfZb9IVXEBodRBkO
                                                    MD5:E79D2E210115568FE15628D4D0A3BCCD
                                                    SHA1:570137060B3BEBF94AF8C5D729F6AE0ECD35A59B
                                                    SHA-256:B7CAA5763245D09E39A353B11A06855352FB6ED2AA7E85C95A2BF7F5EA44F97F
                                                    SHA-512:0DD1971966B28B1B99B76F5B070CF6688ED5EBB3D1F2B8C63514921D56A01688CC7AECAAE7ECF723CB50A9A05E413B8F6060DA525ECB2C0435BE9046D77D0A8A
                                                    Malicious:false
                                                    Preview:.... .c.......?................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                    Category:dropped
                                                    Size (bytes):71954
                                                    Entropy (8bit):7.996617769952133
                                                    Encrypted:true
                                                    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                    Malicious:false
                                                    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):893
                                                    Entropy (8bit):7.366016576663508
                                                    Encrypted:false
                                                    SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                                                    MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                                                    SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                                                    SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                                                    SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                                                    Malicious:false
                                                    Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):328
                                                    Entropy (8bit):3.144086598890895
                                                    Encrypted:false
                                                    SSDEEP:6:kKFll99UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:tllkDnLNkPlE99SNxAhUe/3
                                                    MD5:4F63E8D8E106A54C6C3623EFB1E936BE
                                                    SHA1:3C83B6F4C39A1A8C06C1C8C928C695BFD82F2502
                                                    SHA-256:B917C2E917F2C21908386B380748CFA8D31EEE9023DFC291828968050F38A9BF
                                                    SHA-512:9653403EB1C67B0013A79F60885497649E4B8C9B96CCB59CAC64A75D87434308D484F7445AEBEE7F5E244EEAEAAC3D2A53B19B797227406BCEC65D5BED56E5DC
                                                    Malicious:false
                                                    Preview:p...... ................(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):252
                                                    Entropy (8bit):3.0264678871426307
                                                    Encrypted:false
                                                    SSDEEP:3:kkFklqgqltfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKVgqLxliBAIdQZV7I7kc3
                                                    MD5:6260E268D695CF26057A338A58B74E21
                                                    SHA1:6A20DEFB8F4C54FE7914370F49B88AC8583CFEE4
                                                    SHA-256:B7F0CA028DA97533FC51D90BCE1B33272575E95697F21A285B1E0BA33EACA4FB
                                                    SHA-512:F247101EB0FFC5A075963BA7D190280368FFFD3ED40CE5F08A14AF92522A2C581750FCCC0C635EAAD37749A22959D26DE02409522FFB130659F0721D46A297A7
                                                    Malicious:false
                                                    Preview:p...... ....`....8......(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5844

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PostScript document text
                                                    Category:dropped
                                                    Size (bytes):185099
                                                    Entropy (8bit):5.182478651346149
                                                    Encrypted:false
                                                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                    Malicious:false
                                                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PostScript document text
                                                    Category:dropped
                                                    Size (bytes):185099
                                                    Entropy (8bit):5.182478651346149
                                                    Encrypted:false
                                                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                    Malicious:false
                                                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):295
                                                    Entropy (8bit):5.374268956492348
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJM3g98kUwPeUkwRe9:YvXKXajJSY8hQIOQ4FZGMbLUkee9
                                                    MD5:A5B29F8F52F32EE26B33E27088D9B5AD
                                                    SHA1:15750C5917667E3106B5C9835E8270AB1370F5F6
                                                    SHA-256:F6CDDFA899C4F9936D809E1246BA7C04D161F8A2508B837F0D3C02AF3B430356
                                                    SHA-512:3E8AC86BB68D742102592AB5A08429B07E885D74421E3C05CC12CE581CF05249351F651CD7B09D72607A15B868268D8A4AC3B673C7FC7874B48E7AF407EF1782
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):294
                                                    Entropy (8bit):5.321499292479871
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJfBoTfXpnrPeUkwRe9:YvXKXajJSY8hQIOQ4FZGWTfXcUkee9
                                                    MD5:F994D656035D52ED63E2B60EE0E798AD
                                                    SHA1:9A7EECC31577AA115039AFE81AFA5D980C3C50E9
                                                    SHA-256:7025DFC30260ABEF58E0AF6E1F6C687DEEC4995F8A8ADA4E0411206A2426250C
                                                    SHA-512:93B7D87CF1B75B20A312D86F0BAE78E3532C22FA61A4C435DD3F73B075C769E3E89E1D4F2B6736C3236DAA1A1D77E20A609CE190DBD3C22B357DE9F42CF0D75F
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):294
                                                    Entropy (8bit):5.2993493860569405
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJfBD2G6UpnrPeUkwRe9:YvXKXajJSY8hQIOQ4FZGR22cUkee9
                                                    MD5:39306F231549F325A6117CF7D4CEFD61
                                                    SHA1:B1B9F0E8BBB97C809489971BF0214D89AF6B5FCE
                                                    SHA-256:48B0B05F1398FD25B6A40942A31BA3A654DDDB1338B22AB2C9C9ABB31441F49D
                                                    SHA-512:2EFBCC7D319ECB35DE3E3D79F3D47E0570267D539D46FC7FD4E395F4226B6D33F63AF881E1B4EC070A658932B15682251E456C3CA4016FB3C363855C15D4AF71
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):285
                                                    Entropy (8bit):5.365041265995355
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJfPmwrPeUkwRe9:YvXKXajJSY8hQIOQ4FZGH56Ukee9
                                                    MD5:A6ABFC4C6747970E85E89AB8D4D3DDCF
                                                    SHA1:D55F4C13FE719E558D49F87EA4E0F88912B439BF
                                                    SHA-256:1E6685F56ACBCC186C8508E4D1088AD23C01004139ED71C0E2D51F65E02DE4EA
                                                    SHA-512:4133A27E35CCDF4152EAE7017B355A0691A61D2F3EE41A0BBE0944A6200CA721C59781223608831CB6992EDF3987A07523D8E8223B7E0BD9617CC2979A312E30
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):1063
                                                    Entropy (8bit):5.6749908264839615
                                                    Encrypted:false
                                                    SSDEEP:24:Yv6XajJ4JV4opLgEFqciGennl0RCmK8czOCY4w2h:YvhjJ4j4ohgLtaAh8cvYve
                                                    MD5:2A4A2555E311EA42ED72952917354C56
                                                    SHA1:6EEDDC9AE2F82A74EDE6895E5011C1BF2A6363D5
                                                    SHA-256:FF99256D0AF002DEA427C90028A2393BAF57F2E9DCD0457D240E454A6FFAF767
                                                    SHA-512:7FFB74858330E244FC5971DC0CE0CB41631EBE6AFDDD1B7A66F8999950C3EE998875B27E5ADFFF6935AD9DC289BB042C6248EAB64DB60C789AC79297C81C7529
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):1050
                                                    Entropy (8bit):5.663515992328578
                                                    Encrypted:false
                                                    SSDEEP:24:Yv6XajJ4JV46VLgEF0c7sbnl0RCmK8czOCYHflEpwiVh:YvhjJ4j46Fg6sGAh8cvYHWpws
                                                    MD5:565974CFD92F13ABB143D37E9AD1B6B2
                                                    SHA1:C50572BADEC8FF9072FD1626E30C6578D4762C85
                                                    SHA-256:2C39BD46782637B3E175234474EB66C8D8A4DF9569FB1FB265C60036CB604F1E
                                                    SHA-512:F7C80EF64A5FD4C1FB8F5661D6D2E12E3C7B0027E945841D73F81D9AACB8EA2AC2CA097D4ABCB84E9B595D39C8B693E9744114C3F8C1DCE32D61C8A017DF7B50
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):5.314752828453205
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJfQ1rPeUkwRe9:YvXKXajJSY8hQIOQ4FZGY16Ukee9
                                                    MD5:F2153CFC55FEAC8C8B23DDB9BDB4C7D6
                                                    SHA1:A0248E0A7221A24EFB0DE43A18D7C1F0E7B0B5C2
                                                    SHA-256:EDF830441741186A970DC14F849F554121A02709268296DE02D132F8495AF9D9
                                                    SHA-512:A492E60FA9EB0AF7FE5623CDAD8F7A812B5E69D4B846349EB084FA5C9667EFF19158107348CBD40A71F4E5B1FBAE84BF6A13167A36444E25D0852F9E0EB232B1
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):1038
                                                    Entropy (8bit):5.657160768050686
                                                    Encrypted:false
                                                    SSDEEP:24:Yv6XajJ4JV4n2LgEF7cciAXs0nl0RCmK8czOCAPtciBh:YvhjJ4j4nogc8hAh8cvAn
                                                    MD5:3A1E4AB19BF4FE2807C4EF943BBFABCD
                                                    SHA1:7A93EFC8074271C2A0D8354F7663B9D67D5E4D36
                                                    SHA-256:AE9E5B201836520CE5754B57CEB45AB5A849FD4044855674007F5591BD38C73D
                                                    SHA-512:6EA66B139C3DB206A43C672DA84755ED8A8EE33D3C762DB7A4DB9100ED173F47305A2434D86A18D2E9A5B013D70DE67FDC72D73C60B6BB042ED917C6AF818389
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):1164
                                                    Entropy (8bit):5.703214393455057
                                                    Encrypted:false
                                                    SSDEEP:24:Yv6XajJ4JV4LKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5h:YvhjJ4j4LEgqprtrS5OZjSlwTmAfSKz
                                                    MD5:260324E6935FACD3F63AC30CFBBF9358
                                                    SHA1:6671649046993C8DF048501F1833BF7B2988DE88
                                                    SHA-256:7807EAB93D434BD83C2E0CBE4A365898675ED88B95FBB140917DCEBDA053C29D
                                                    SHA-512:051EA50B775058A2C06D877B60BD643882A724EA6A4F3279D26989713D4118CE158FF1F71E01B9FD2D62604C89C6C260817D6A437A6DC15EA9742085CD2BBB4C
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):289
                                                    Entropy (8bit):5.319858952835749
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJfYdPeUkwRe9:YvXKXajJSY8hQIOQ4FZGg8Ukee9
                                                    MD5:9362C75AB58A1372532FE1165228A338
                                                    SHA1:74242664D85B4CBCE2FECB88E9545927159F2829
                                                    SHA-256:EA5D7F8245FED79171121A77D4BBEBC06D178A3D5D269E9A31BAD59B5DE522FD
                                                    SHA-512:F980D58FBD728A7053BE1D48E7938B4F90FC3E646107D413B7D12ACE0CBD6586D3AC27030AD3A2377FF097A65B7A6AB2F3BD7B0256AD415C0C9A224F6F538EE7
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):1395
                                                    Entropy (8bit):5.779817254318785
                                                    Encrypted:false
                                                    SSDEEP:24:Yv6XajJ4JV42rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNa:YvhjJ4j42HgDv3W2aYQfgB5OUupHrQ9w
                                                    MD5:791B545540F95AF2D6D119FE4CFDF80B
                                                    SHA1:8C7451F3BD6B4F3425CCDD33522C831B6C643C67
                                                    SHA-256:56D7F3D5667A3FBB8B2EE414FC3E917AA1FB4DB816D11EBCC27D4B5DDBB9AFAC
                                                    SHA-512:CD8DB32C7741C9083F75FF885A51288F172AC424872DE366A3272EF4A024A51DB83B30332FD63EFDECE0F97C6265CF1CCD74166C8D2EDC82869A1E19CA60773E
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):291
                                                    Entropy (8bit):5.303269562861257
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJfbPtdPeUkwRe9:YvXKXajJSY8hQIOQ4FZGDV8Ukee9
                                                    MD5:7658CE073C9E4B12E8BC616B4ED7B7FB
                                                    SHA1:C46FB0A386C15714EDF1B2E946AA736ACDE07ACF
                                                    SHA-256:4D2A80C0A3C80FF84A65C3C3DC43A621874FDDAA5C33E52AA807497E2C5A75B7
                                                    SHA-512:61115E8DA569CC8FEA43479E7706DEA0F463FD03B09A20994E96C7F240D3341B0166C08FD19AC6281730718C3DDE927B08F9BA5B1AB08619E0ACB403687A51F7
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):287
                                                    Entropy (8bit):5.307221626325354
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJf21rPeUkwRe9:YvXKXajJSY8hQIOQ4FZG+16Ukee9
                                                    MD5:2C56CDCE8160827B008FBB9927668079
                                                    SHA1:C771F82EA0BA39E10E297DE159C4308FB970A932
                                                    SHA-256:FBABCF03D3DEFD25AFFE4AB9178F5EBD26637AB507EB830A2A8609591541DAD9
                                                    SHA-512:0580F1BCC459E0976BF3962998FF403A013469C9B4A880D9DAB29653F9683258CE487CBFE135303857A00DA38DC34C7D1C8A63209089B2D1ADDEB1657D4B7C77
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):1058
                                                    Entropy (8bit):5.665539723122918
                                                    Encrypted:false
                                                    SSDEEP:24:Yv6XajJ4JV4camXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Bh:YvhjJ4j46BguOAh8cv+NK2
                                                    MD5:E6B084B9742A04FC9A0F4343416DE5CA
                                                    SHA1:92E7B3D53C2C481E7C21CAA159E9183F5C6BA163
                                                    SHA-256:009D278C9ABF51F19A6162E5797209E8BF83BB4CF0DE7789ED7554255BD8576B
                                                    SHA-512:59FD7EAD20C66F71253B3F8E699DC5DACB4163821B8266E10F58D321D9F4FC7C5151C0AFDFB82740481D19E38178F87006712F48DA9C4CF969D46804E867CCAB
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):286
                                                    Entropy (8bit):5.283351399874301
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXlAjJS+r8hgnIOQF0YKHFqoAvJfshHHrPeUkwRe9:YvXKXajJSY8hQIOQ4FZGUUUkee9
                                                    MD5:C72A7CC8AE78DF587C83CB22DC8FC0C3
                                                    SHA1:0A405C64FF6A3D7B28C610488E3BBB0CA41EA5B8
                                                    SHA-256:C99612346E4208CDB2E0CAF8866F7BB1EFD7CB0E933F1798412C3B7A7DC23BB4
                                                    SHA-512:8F6401DCF9446D09F6BC316C3CC04181ECED11872B29FD0116C5683B35B8B788C9717673211CFA37221FA2BE1BC5C29F3EFF586A9837FC201DE69C19B9C8BF69
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):782
                                                    Entropy (8bit):5.3830985121989166
                                                    Encrypted:false
                                                    SSDEEP:12:YvXKXajJSY8hQIOQ4FZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWNw:Yv6XajJ4JV4D168CgEXX5kcIfANh/
                                                    MD5:E334B477013B30B11E9061DBA29CAA29
                                                    SHA1:46ECD7FAD4DD6DED202553F59E69A2796B32443D
                                                    SHA-256:ACEA7A21A49110777A6E5AF1ED50227DF3F441B1FD14C97E6B82648B246ED6F6
                                                    SHA-512:3A172B7FB5F7C2A42EA0CAA9211AE727327BF3313C45EF48C6866409FF4539565818B59FD897933F2F261E177761BF81307F8F33FAF332EE476E118F137D1A95
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"f3a13ea6-1ccc-4f58-b367-fd3b1a43099b","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1724961930884,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724782500915}}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):4
                                                    Entropy (8bit):0.8112781244591328
                                                    Encrypted:false
                                                    SSDEEP:3:e:e
                                                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                    Malicious:false
                                                    Preview:....

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):2818
                                                    Entropy (8bit):5.128120999085471
                                                    Encrypted:false
                                                    SSDEEP:48:YAW8l0khQAWVOdGMTBypk4sYhq35Mq89oXXk:HGkhQpOkIBQkuqJMbYXk
                                                    MD5:490DC56AA1EC3511E23CAC52D2BBC8C5
                                                    SHA1:75B16DFFB3491AEE3EC7B87E5D89768FE0BB8AB1
                                                    SHA-256:5EC4140B953B638E1008C0CBF5CDBCD779FB5F643E14EC8918FAB6D0C8774368
                                                    SHA-512:B85A42C41620FA7C1409E750682FB70A7328592CD1C6CB53C163EB0E262D2786F191768311704CCCB196DE6100C1A81FB4338010419C71DBCC94C8AF9ABC327F
                                                    Malicious:false
                                                    Preview:{"all":[{"id":"Edit_InApp_Aug2020","info":{"dg":"76cbb344d4ef844056f0297c49c927df","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1724782521000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"61fcee91ce9fa3634af5aa2e4e10535d","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724782500000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"53f48d8c1fa3102042a0318ec1a704ec","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724782500000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"dd7d0c9bf49f561cb2f2f0b627aaeb90","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724782500000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"db5d281b6b42494b543dd65f92ae2187","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724782500000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"72d0c77be6c926c96fa5e548fef61e58","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":17

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 28, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 28
                                                    Category:dropped
                                                    Size (bytes):12288
                                                    Entropy (8bit):1.4577360110818582
                                                    Encrypted:false
                                                    SSDEEP:96:/VmsnyVaydoAoDoTJoTKkovkoBkoro/oLogVXgt4h:okykydh
                                                    MD5:F8CA8287E0A71505221DF33D586B6098
                                                    SHA1:46C912151CFC9FF940D4B8948F4098FC1FB79329
                                                    SHA-256:231D4FBAD6C9271134F3AC2C2A76984EAFE7AC62D9271D5B6B628F077569FA8A
                                                    SHA-512:94EA3871AFC8645D71C50CC80B5726EEE9C609DEB72ADE56E5A4F6D03C3EAB442D26EA5085F9F5B7FBF02D1DCD45B0FDA4BDF58D28E702D4017E2283AF8C618B
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):8720
                                                    Entropy (8bit):1.9625922094392103
                                                    Encrypted:false
                                                    SSDEEP:96:7/8yVaydoAoDoTJoTKkovkoBkoro/oLogsXgt4VaVmsqv:70ykydynR
                                                    MD5:9F6741915D3A23B750787D4C69835B8F
                                                    SHA1:62463080F052C12A402581379E66A36F185ED4B4
                                                    SHA-256:1E74AF464DC838B8DE869F46127D6F4BAE45CFA7E66398A528E4EF4A32D0536C
                                                    SHA-512:4A8195E5A3F156BB885410818626EA3D2BE98FC5A384D8E73C37BF4E274F9D1493532F42AAA73AF06098E3F10C743B4B950EA3BF3120D38FBD32E98FC504DA50
                                                    Malicious:false
                                                    Preview:.... .c..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):231348
                                                    Entropy (8bit):4.390059727848725
                                                    Encrypted:false
                                                    SSDEEP:1536:fyYLXIgsbyysIFrQrgsGBNcAz79ysQqt2ClLcqoQ+urcm0FvZwXlyg2m5nGtPIc4:x4gjm4gFmiGu2zqoQjrt0FvdkICN70WL
                                                    MD5:1CEED591114D182C7598312BD3E45D26
                                                    SHA1:607D254B68357DD5EB12C5260864C2CE15BB751A
                                                    SHA-256:2165CD8C7A8922289A0B933F24F4D0E6656904E6ACF2C91B1503F22532CFC410
                                                    SHA-512:307C12967883D567B4FC7E913EF6DD8E52C72B8C9B9C39CD449D5EADD23C000CE790598C2F8541C748F3FB92CEC93D2A531E74AD551359026B8F025B967C3526
                                                    Malicious:false
                                                    Preview:TH02...... ............SM01X...,..................IPM.Activity...........h...............h............H..h...............h........p..H..h\nor ...ppDa...h@=..0..........h...............h........_`.k...h...@...I..w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h.X......0.....#h....8.........$hp......8....."h.d......@e....'h..............1h....<.........0h....4....k../h....h......kH..hH...p.........-h .......\.....+h............................ ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):322260
                                                    Entropy (8bit):4.000299760592446
                                                    Encrypted:false
                                                    SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                    MD5:CC90D669144261B198DEAD45AA266572
                                                    SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                    SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                    SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                    Malicious:false
                                                    Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):10
                                                    Entropy (8bit):2.5219280948873624
                                                    Encrypted:false
                                                    SSDEEP:3:LBS7Y:t8Y
                                                    MD5:23EB71F2E1EEF64CDF29ED077F2A8B04
                                                    SHA1:85CC98F3F1AA72DBA85F8A53D5BB1A3F6D36F713
                                                    SHA-256:B4C8107444546DB9D2409547A313D2E5AA707B6C567CBCF96C9504E1062012A2
                                                    SHA-512:9710802E88DA6183484CBF759803A038FC4E2F6D81BE7ED04C0337DDFCEB6F116F23D1AA6ED4C6AFFBF3DD932D02B676DD9F04A61BB273B080D030E07A506200
                                                    Malicious:false
                                                    Preview:1724782461

                                                    C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):4616
                                                    Entropy (8bit):0.1384465837476566
                                                    Encrypted:false
                                                    SSDEEP:3:7FEG2l+toell/FllkpMRgSWbNFl/sl+ltlslN04l9Xllqn:7+/lbeBg9bNFlEs1E39S
                                                    MD5:591DF2BA87FC9DE5AB6594BD96633EEE
                                                    SHA1:2ED9BEE459221F77308651C9DE1FE2E02E1DFDA3
                                                    SHA-256:F1B1344914B4E8C7F6D1CC5C9C543A0A672E1A22780580F4DDAED96203973EF0
                                                    SHA-512:6AD849B6512E930E2D7C6AE3214279F0FE9AEFA10815F1BD020FD1FE2B6156B9EDD8DB9743CAB737CFCEA23A2B267CFBE941AEC1F4239A8BFD2C396C9F24C4D3
                                                    Malicious:false
                                                    Preview:.... .c........j....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\hbgnj (002).pdf

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                                    Category:dropped
                                                    Size (bytes):152772
                                                    Entropy (8bit):7.820144132831358
                                                    Encrypted:false
                                                    SSDEEP:3072:9Jp/QzgaPJ2FHnf4WrVvlB+zcX7VlyNBpW+55/dPuwC/4vc2FYPXrhDk:laJ2FHwW/B+z6VczpJbur/Qc2FA1A
                                                    MD5:671F6B1C8B3D9CC0A337D63AAA0736E7
                                                    SHA1:33E9AF6ED0BCBA57A0DF6198DCE0D53410740042
                                                    SHA-256:60D6D2B2032B6E9893F15B1CFAC3BE3D7C1E9D39873ADDCCB070C24AC009C2AE
                                                    SHA-512:93C310343BC29F9FCF9350987096EA1D1A7C77C40E5E6B0E67B091682E9963D47ECE57E94CCBC698C264E920ECB72F6F640A2A495AE8421B8E36F6935773FFCC
                                                    Malicious:false
                                                    Preview:%PDF-1.6.%......2 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Resources<</XObject<</TLtHjENMgp 3 0 R>>>>/Filter/FlateDecode/Length 79>>stream..x.+.2T0.B......S....^.......O.2.P0.314V02P07.366V(J.J.2...A.&.`.....9B..2@...endstream..endobj.3 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Resources<</XObject<</TLbWZSUjMc 4 0 R>>>>/Filter/FlateDecode/Length 86>>stream..x.+.2T0.B..................O.220.366V04.371W04.p-.......R......|C.=.. .`d.......4.endstream..endobj.4 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Resources<</XObject<</TLbxTtYmJd 5 0 R>>>>/Filter/FlateDecode/Length 100>>stream..x.+.2T0.B......T.R.........O.2P..3.P030.333W0.4..E.\i@.t.#.s=ccc..3.2S0.........7.KB.&.`.,..X:...endstream..endobj.5 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Group 19 0 R/Resources<</ColorSpace<</CS0 6 0 R>>/ExtGState<</GS0 8 0 R>>/Font<</TT0 9 0 R/TT1 13 0 R>>/XObject<</Im0 17 0 R>>>>/Filter/FlateDecode/Length 2309>>stream..H..W.

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\hbgnj (002).pdf:Zone.Identifier

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:modified
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:gAWY3n:qY3n
                                                    MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                    SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                    SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                    SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                    Malicious:false
                                                    Preview:[ZoneTransfer]..ZoneId=3..

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\hbgnj.pdf

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                                    Category:dropped
                                                    Size (bytes):152772
                                                    Entropy (8bit):7.820144132831358
                                                    Encrypted:false
                                                    SSDEEP:3072:9Jp/QzgaPJ2FHnf4WrVvlB+zcX7VlyNBpW+55/dPuwC/4vc2FYPXrhDk:laJ2FHwW/B+z6VczpJbur/Qc2FA1A
                                                    MD5:671F6B1C8B3D9CC0A337D63AAA0736E7
                                                    SHA1:33E9AF6ED0BCBA57A0DF6198DCE0D53410740042
                                                    SHA-256:60D6D2B2032B6E9893F15B1CFAC3BE3D7C1E9D39873ADDCCB070C24AC009C2AE
                                                    SHA-512:93C310343BC29F9FCF9350987096EA1D1A7C77C40E5E6B0E67B091682E9963D47ECE57E94CCBC698C264E920ECB72F6F640A2A495AE8421B8E36F6935773FFCC
                                                    Malicious:false
                                                    Preview:%PDF-1.6.%......2 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Resources<</XObject<</TLtHjENMgp 3 0 R>>>>/Filter/FlateDecode/Length 79>>stream..x.+.2T0.B......S....^.......O.2.P0.314V02P07.366V(J.J.2...A.&.`.....9B..2@...endstream..endobj.3 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Resources<</XObject<</TLbWZSUjMc 4 0 R>>>>/Filter/FlateDecode/Length 86>>stream..x.+.2T0.B..................O.220.366V04.371W04.p-.......R......|C.=.. .`d.......4.endstream..endobj.4 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Resources<</XObject<</TLbxTtYmJd 5 0 R>>>>/Filter/FlateDecode/Length 100>>stream..x.+.2T0.B......T.R.........O.2P..3.P030.333W0.4..E.\i@.t.#.s=ccc..3.2S0.........7.KB.&.`.,..X:...endstream..endobj.5 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Group 19 0 R/Resources<</ColorSpace<</CS0 6 0 R>>/ExtGState<</GS0 8 0 R>>/Font<</TT0 9 0 R/TT1 13 0 R>>/XObject<</Im0 17 0 R>>>>/Filter/FlateDecode/Length 2309>>stream..H..W.

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\hbgnj.pdf:Zone.Identifier

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:gAWY3n:qY3n
                                                    MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                    SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                    SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                    SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                    Malicious:false
                                                    Preview:[ZoneTransfer]..ZoneId=3..

                                                    C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A74F9330-EF48-47B4-9B70-118016E011F4

                                                    Download File
                                                    Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):173125
                                                    Entropy (8bit):5.290338268960283
                                                    Encrypted:false
                                                    SSDEEP:1536:Si2XPRAqIbz41gwErLe7HW8bM/hMYcAZl1p5ihs7gXXpEIJROdYd:pHe7HW8bM/AXOZ0
                                                    MD5:E236ECF8D4B5E71C53F30E981BFA5247
                                                    SHA1:134945756A0DEE711F265242195C894A3CC43B93
                                                    SHA-256:8503DD9EEB2AAB676EE1F8A44000C1D496BFEB3053221F8C96B98F79AD17D6B3
                                                    SHA-512:C3D9187D9D77FBDFEB7DF4B099CEE5B9CAF40A2ED49A3DDD210EEBFDCB83E90065C7EC3FA3E34CAE9A55DD645FA151A8440F9524B39E1F2230C7389204E58BD1
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-27T18:14:41">.. Build: 16.0.18014.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                    C:\Users\user\AppData\Local\Temp\MSIde644.LOG

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):246
                                                    Entropy (8bit):3.5162684137903053
                                                    Encrypted:false
                                                    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8AARDHXH:Qw946cPbiOxDlbYnuRK+3H
                                                    MD5:F487A47F35D7AB61091E64330A7D2F60
                                                    SHA1:248106910820214FDD6833F355B88FCA8C459507
                                                    SHA-256:92B7F9943C7690DF6EA5A00D1C76F385F605C191DE530E9E8ED3EF444F508C1A
                                                    SHA-512:7069E433240FD2A703859ED9FA4A957E28D0E33134EF7E4FCD2A90C4D7992B4790457825978D9D616D2E65C27E82CCF047EC0FB7CDFF6E882A2039971E83A12F
                                                    Malicious:false
                                                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.8./.2.0.2.4. . .1.4.:.1.5.:.0.2. .=.=.=.....

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 14-14-52-200.log

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with very long lines (393)
                                                    Category:dropped
                                                    Size (bytes):16525
                                                    Entropy (8bit):5.352085917943317
                                                    Encrypted:false
                                                    SSDEEP:384:QvbUDndepwY2glOjhQlvt07jGviSggyrKMaAYqu1NGZnGWtDtxtAtoDtBt8tBtwz:x5xP6In+n+/ku
                                                    MD5:E89CDF7025B70E5A72FFC801BADFB345
                                                    SHA1:2C55C26FD5231BEBD6531BDB7962D12BE288A1BB
                                                    SHA-256:2A90DFB97133E5C0219784D1C4A94C0DC45AE4787C40CFE6894A59D94C4FB88C
                                                    SHA-512:22621DFF9C688C4B0BB3237350959B4357C65D1796834FC23E6636B4975BE942A969F7DB05E8FC10102DEBF93ED662BE28FC649B2456EB4B659EC84BF8E93621
                                                    Malicious:false
                                                    Preview:SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 14-14-57-022.log

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with very long lines (393)
                                                    Category:dropped
                                                    Size (bytes):15033
                                                    Entropy (8bit):5.335507072627022
                                                    Encrypted:false
                                                    SSDEEP:384:cYyK0e+l9jImbBi90Vgox76NhYMpnGm6FYnbFtm4vfeuk4pNXAmDiZi56kCtapxH:0u9
                                                    MD5:AC05F694FCDC43BDAE76A4806731D037
                                                    SHA1:F8B3BA332BAE88F3E625CB7C1212A04EDDA299FE
                                                    SHA-256:3907EE6F122287CDF7D24E6FB8D21B740798C9366C2164727F636F5B9EC18C39
                                                    SHA-512:E0E2225735B6F4232C552CB0CEA4B6D49B9797CBC23F2B7FD050C7E0D4A42CAD2B7EF35A57334AAA66E4ED95B12EC70E0792F5AC1229A8E27A5C64E54E8286C7
                                                    Malicious:false
                                                    Preview:SessionID=919d7157-b9df-4f47-bb8c-e8dfddcb997b.1724782492310 Timestamp=2024-08-27T14:14:52:310-0400 ThreadID=8132 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=919d7157-b9df-4f47-bb8c-e8dfddcb997b.1724782492310 Timestamp=2024-08-27T14:14:52:316-0400 ThreadID=8132 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=919d7157-b9df-4f47-bb8c-e8dfddcb997b.1724782492310 Timestamp=2024-08-27T14:14:52:316-0400 ThreadID=8132 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=919d7157-b9df-4f47-bb8c-e8dfddcb997b.1724782492310 Timestamp=2024-08-27T14:14:52:317-0400 ThreadID=8132 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=919d7157-b9df-4f47-bb8c-e8dfddcb997b.1724782492310 Timestamp=2024-08-27T14:14:52:318-0400 ThreadID=8132 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):41597
                                                    Entropy (8bit):5.407947449353039
                                                    Encrypted:false
                                                    SSDEEP:192:4cbUI+EcbBcb2Ie4cbhcb4IZfcbtcbGIEScbCcbwIrFcbqDcb4I5vcbZfcbOIqY8:v+ge2ZDEdro5Jqn
                                                    MD5:DB8B9737B48FAEB000C2312AEA796811
                                                    SHA1:6685FDCCF096D09534B3578692161B0CD5D76651
                                                    SHA-256:A67F44A58B672D7F60EA2FE669BD1C359F452784663622503B2EC4B2B9EB1B3A
                                                    SHA-512:C5C7B7852891EC2ED21008B3C7A5760A81F4F1C0A9472B72FB50F7DC5DB3FC0AD83BE586F658911B804661D7547CDD09FAE4A239CFA4C5AF357D79154D8C928A
                                                    Malicious:false
                                                    Preview:06-10-2023 12:14:34:.---2---..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 12:14:34:.Closing File..06-10-

                                                    C:\Users\user\AppData\Local\Temp\acrocef_low\d57f05cc-d7d4-4563-ad3d-e75ea140cf9e.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                    Category:dropped
                                                    Size (bytes):1407294
                                                    Entropy (8bit):7.97605879016224
                                                    Encrypted:false
                                                    SSDEEP:24576:GqA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:5VB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                                    MD5:408F8BA5ED5014C1E10FA19D75C944A6
                                                    SHA1:87595F69D692B4D785AAFAD71394426879C7980F
                                                    SHA-256:FFFE47EBC7E157F63F4BE40AC0B2DCD73A5DCDF57B9D03FEA3EB99212A7EC16F
                                                    SHA-512:01B286CA276C6B4302AC6ABA30466CE2048F6AC7FA5ACD7DCA375541C91339CEE94377B783A3A7710D10C315CA062CAE79DD2A073406D1C3C76AC4787DA5A793
                                                    Malicious:false
                                                    Preview:...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U|}../xS}.q..B|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

                                                    C:\Users\user\AppData\Local\Temp\acrocef_low\f02c4a37-4e0b-4af1-88ad-ad54d19798ef.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                    Category:dropped
                                                    Size (bytes):1407294
                                                    Entropy (8bit):7.97605879016224
                                                    Encrypted:false
                                                    SSDEEP:24576:GqA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:5VB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                                    MD5:408F8BA5ED5014C1E10FA19D75C944A6
                                                    SHA1:87595F69D692B4D785AAFAD71394426879C7980F
                                                    SHA-256:FFFE47EBC7E157F63F4BE40AC0B2DCD73A5DCDF57B9D03FEA3EB99212A7EC16F
                                                    SHA-512:01B286CA276C6B4302AC6ABA30466CE2048F6AC7FA5ACD7DCA375541C91339CEE94377B783A3A7710D10C315CA062CAE79DD2A073406D1C3C76AC4787DA5A793
                                                    Malicious:false
                                                    Preview:...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U|}../xS}.q..B|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

                                                    C:\Users\user\AppData\Local\Temp\olk2C5.tmp

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):21700
                                                    Entropy (8bit):6.7797359890267375
                                                    Encrypted:false
                                                    SSDEEP:384:v0Djo0hMP5go9CPyjtWZr4M1HzuvD/x8FNNdV5d/KJFOhDuH11:sFhIV9DIZvHM9iNNP5d/KJFOhDuHP
                                                    MD5:8327CB77AA2FA0D7DD498250EBFDEF35
                                                    SHA1:3681334D0633A0D7F40BBA021F8E7A8A17960B06
                                                    SHA-256:2EA78587DA75FE2964B3A4405CDBB0966B5F85151323664E075F9C229F923680
                                                    SHA-512:143D7D40BE65F8098982B3758C3129EED33D34FB45AA5F0688E1BBAF9C891C46570529480D97EEF30ADE5FD4861B1E7AAEBF9EAB6E31EDD7E3C8DC3C50FCCF91
                                                    Malicious:false
                                                    Preview:d....eI..o.?...........0....M.7..Z..y#...~......9.>.s...[l.Jk ...i.?.6.+...U...k7cg...e`gl.....X.W....>.\............J.Y....-..u.}. Y..lV.2!}.pY.Z.[....o)..J..>....Ni].{..O.mt......m..."d}."..NS.....u.../....&.\..v..R..Z..b}..~...9~(..P../..Y...o...7.XN.........."...g.B..L1.+..$#....q..\.. .n.D.I.Xc>F....n.!#...:..?.6.x3.....k...."d}.#h.;.l..e..B[..^....v*..t...5....6.9.g.^.....?.{y4...n.f.....-..zgY..4............d/.J..E2.....Y..\;;.>.vS..n..~..U.<.V.vw.~).1.3...GC............R_..vM.7j....5<L...[a.s{.9..nB.xon?../?..>..'...1I.w...c(.E.D..8.nn..T...Y._.,.L.>.;...Q..Iw..\..{_......T...n}....#_..4U..SW8.j...!<..b]..........M......+].....j_.....uN-.=GSW.V...u..=].]..`...7.U]x......N3%\...>6E........5..4G.\.[f.HE..Y.U.f.#.,....d.L...Q.m.Ve.1..i[Y..e....Dh...C.J~...0.zV.`......K(....4.#....'g.....E|..OG*.c......2.A.d. .........S.n...9..A...K........0..|:..5xW.f..H...,.R3.O.og.#...p>byb.O....oJ_L.rH..ILfE..)R........../.>1..}.W.K_.;.....x..

                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                    Download File
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):30
                                                    Entropy (8bit):1.172253928364927
                                                    Encrypted:false
                                                    SSDEEP:3:fhzlX:
                                                    MD5:E1CBFAD60A5530DA533EDB4A63B8BF67
                                                    SHA1:BF5B0E6AA35AE68889B4FFB3E0A9C8B5A455209E
                                                    SHA-256:10E977BACD58E0F10D3958E468BE1C8B173B0035AD93B51E87C97C6AB4DC74B7
                                                    SHA-512:1C92B1BE924900D5F9AABFCF41A2015FEAFD72490EA32B8F50A02141272A520E7A9926E12BAF12B0E694F4FB87A3EA39E9AE7549C93EE2C5787F04A6B53B2CCB
                                                    Malicious:false
                                                    Preview:..............................

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                    Download File
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:14:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                    Category:dropped
                                                    Size (bytes):2675
                                                    Entropy (8bit):3.9918126895657657
                                                    Encrypted:false
                                                    SSDEEP:48:8PVdpT5LqXHQidAKZdA1rehwiZUklqehKy+3:8PBVLqkFy
                                                    MD5:636A662DF8C5CE8DA9554BC0F618A92A
                                                    SHA1:AD26A6892AAA1024157C25966C4DC73545C245C4
                                                    SHA-256:1B510B78E1DEC788741B5390A68CC503F21A9EB808D67CF705725863D70D5A41
                                                    SHA-512:E11779F137890227107F2B1F454321CA0CF18C7FD1D4AD08DF2FA29C570448E42BBDDEB06CD07AFD552EEC296B1A2479D3F3D3020D2863C45BD77A863672CBD9
                                                    Malicious:false
                                                    Preview:L..................F.@.. ...$+.,....!...........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.Y......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.Y.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.Y............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                    Download File
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:14:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                    Category:dropped
                                                    Size (bytes):2677
                                                    Entropy (8bit):4.0054187616550445
                                                    Encrypted:false
                                                    SSDEEP:48:8szVdpT5LqXHQidAKZdA1ceh/iZUkAQkqeh1y+2:84BVLq49Qoy
                                                    MD5:9AE3C4F71988633984BC7DAD597D3A58
                                                    SHA1:0C50C5C757A96BD0ED939B3A00B1E1892B5935EE
                                                    SHA-256:A06DB3667C32628C0E986A87B986D10979F2429EE380FAE46D5D6A579A95BE7C
                                                    SHA-512:01A760F334F2846E99628F4D3EB067087ECEC36DB0628CE2786D60D1C88BE9B477B69B3507B873A13C469FCA8E4A03482C1D52177311F530F1CB3F9EEF5302C4
                                                    Malicious:false
                                                    Preview:L..................F.@.. ...$+.,................y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.Y......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.Y.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.Y............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                    Download File
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                    Category:dropped
                                                    Size (bytes):2691
                                                    Entropy (8bit):4.01025869671315
                                                    Encrypted:false
                                                    SSDEEP:48:8XRVdpT5LqSHQidAKZdA14Aeh7sFiZUkmgqeh7sby+BX:8hBVLq9n5y
                                                    MD5:BEDCEE94EB4278F55007696B91906A3B
                                                    SHA1:47E3B2333FA7652E9688B96F088EC1F659394C2D
                                                    SHA-256:963FCDF39D0DB5C34583D76E4789EAEA13B6D62488DC656A79C1D448D5F18909
                                                    SHA-512:E237FEFDA6C085777BBC3FABEC767C6090AE420846146FE031272D03FB9B623859D0645ECC251EC7D365196EB49C0340C6783F5F3F83BAD62138E220C55F1D0B
                                                    Malicious:false
                                                    Preview:L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.Y......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.Y.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.Y............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                    Download File
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:14:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                    Category:dropped
                                                    Size (bytes):2679
                                                    Entropy (8bit):4.003979423903354
                                                    Encrypted:false
                                                    SSDEEP:48:8oVdpT5LqXHQidAKZdA1JehDiZUkwqehxy+R:8oBVLqNzy
                                                    MD5:09E0358888AEE0722CE093AC579FE68F
                                                    SHA1:DCA46EF6DB212C0F78AA09539D5F381DE195536F
                                                    SHA-256:3F8F2EF965C3DB365222A7CB2021BAF528CFE644528339D829987C1FF2EE02C5
                                                    SHA-512:E8A3B895D55294883A7689F0EF7C7FCFB3526446476E144FCAAFB986244F7C3824DC9D3BEE73560004DA883FC050C769FE1350FC4D051B1E8B8F94228680B78A
                                                    Malicious:false
                                                    Preview:L..................F.@.. ...$+.,.....|..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.Y......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.Y.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.Y............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                    Download File
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:14:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                    Category:dropped
                                                    Size (bytes):2679
                                                    Entropy (8bit):3.9910265124493174
                                                    Encrypted:false
                                                    SSDEEP:48:8zVdpT5LqXHQidAKZdA1XehBiZUk1W1qehPy+C:8zBVLqt9vy
                                                    MD5:FB7ECF34A4B47B0D388116E270875412
                                                    SHA1:2F65AA5170708686C4ACCC450F16BE8EF48B07BC
                                                    SHA-256:9FAF34C5C4F2798B68458A71BB992CD226E2D94E76F562AAD8658967578ED902
                                                    SHA-512:F79A75AF42CB87B0D6B43498FA41EC2AA335CC6A70D7BC066B2E35A747969D1BD35AD2779DCD7C03545D473270EA501FA5C3276DB793691C0E0B134ABA8EF9A8
                                                    Malicious:false
                                                    Preview:L..................F.@.. ...$+.,.....8..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.Y......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.Y.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.Y............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                    Download File
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:14:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                    Category:dropped
                                                    Size (bytes):2681
                                                    Entropy (8bit):4.000970416387525
                                                    Encrypted:false
                                                    SSDEEP:48:8DXVdpT5LqXHQidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb5y+yT+:8DBVLqvT/TbxWOvTb5y7T
                                                    MD5:9ACFC9C5998855286B5C35F185DCFB86
                                                    SHA1:F4D0B0BE21D6786DA1E92901ABEA7411402300C4
                                                    SHA-256:A7B649C898339988AE9A97E334CFB80C900F8ECA0834B37B3826EFA2217FD93B
                                                    SHA-512:92E41A5B33234252ECB9AB29E68BC20479CCFE6FCACB7E124CECACE1C2EA4D83A8F1255630F9DCE00266B53828B29540B57033BC680616743759DFA9CC2463BA
                                                    Malicious:false
                                                    Preview:L..................F.@.. ...$+.,....V.y.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.Y......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.Y.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.Y............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............f......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                    Static File Info

                                                    General

                                                    File type:RFC 822 mail, ASCII text, with CRLF line terminators
                                                    Entropy (8bit):6.082283963944808
                                                    TrID:
                                                    • E-Mail message (Var. 5) (54515/1) 100.00%
                                                    File name:(No subject) (61).eml
                                                    File size:237'653 bytes
                                                    MD5:be99f839a9f7be884aca6148fe909da2
                                                    SHA1:e6546325a3e827fbd7646c01c46e803a5da072eb
                                                    SHA256:9db3b82853343008944fa8b596364b1116b98c428552fda6b073279cc4fc07cd
                                                    SHA512:eaf6a9213142866ccdf53a0648860d3e5b70349ef3543478a41fdfdabcda4817b1951736e38a5d4653b34b51be9fd96627ae698b493abedd5836b1b052069486
                                                    SSDEEP:3072:aUU6KlPJvbzslRQxSaOVApceHcYLBC8I5eNXwXVyQwRvII1tbeys/A4GSrB1owft:5UT32V5VAWFYteg+eRvDyyHEI6pUnsL
                                                    TLSH:8F34DF37FAD13992892B48A4601337BF7F7851CB4E61CDB1919AA73D130CCDA8FA9548
                                                    File Content Preview:Received: from DM6PR09MB5014.namprd09.prod.outlook.com (2603:10b6:5:261::11).. by SJ0PR09MB6317.namprd09.prod.outlook.com with HTTPS; Fri, 23 Aug 2024.. 19:35:35 +0000..Received: from BL0PR0901CA0029.namprd09.prod.outlook.com.. (2603:10b6:208:1c0::39) by

                                                    Static Mail

                                                    General

                                                    Subject:message from 646*__s8mg
                                                    From:Calls <0pdai@thelastrockandrollshow.com>
                                                    To:cmolina@santaclaraca.gov
                                                    Cc:
                                                    BCC:
                                                    Date:Fri, 23 Aug 2024 19:34:08 +0000
                                                    Communications:
                                                    • You don't often get email from 0pdai@thelastrockandrollshow.com. Learn why this is important pnwOFFlCE-365 Dear cmolina@santaclaraca.gov, You have a new audio message from 646 388* Duration: 2min 45sec Listen to Audio Santaclaraca.gov lT Service . . . . . . . . . . . . . . . . . . . . . . . Best regards, Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com You don't often get email from 0pdai@thelastrockandrollshow.com. Learn why this is important pnwOFFlCE-365 Dear cmolina@santaclaraca.gov, You have a new audio message from 646 388* Duration: 2min 45sec Listen to Audio Santaclaraca.gov lT Service . . . . . . . . . . . . . . . . . . . . . . . Best regards, Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com You don't often get email from 0pdai@thelastrockandrollshow.com. Learn why this is important You don't often get email from 0pdai@thelastrockandrollshow.com. Learn why this is important You don't often get email from 0pdai@thelastrockandrollshow.com. Learn why this is important You don't often get email from 0pdai@thelastrockandrollshow.com. Learn why this is important You don't often get email from 0pdai@thelastrockandrollshow.com. Learn why this is important Learn why this is important https://aka.ms/LearnAboutSenderIdentification pnwOFFlCE-365 Dear cmolina@santaclaraca.gov, You have a new audio message from 646 388* Duration: 2min 45sec Listen to Audio Santaclaraca.gov lT Service . . . . . . . . . . . . . . . . . . . . . . . Best regards, Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com pnwOFFlCE-365 pnw #Z9550j7S{ PADDING: 10px; TEXT-ALIGN: center; MARGIN: 0px auto; FONT-FAMILY: Arial; FONT-SIZE: 16px; COLOR: #ffffff; WIDTH: 290px; FONT-WEIGHT: bolder; BACKGROUND-COLOR: #ff0000; } #k9550j7m { display: none; display: none; } { display: none; } Dear cmolina@santaclaraca.gov, You have a new audio message from 646 388* Listen to Audio https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0 Listen to Audio Santaclaraca.gov lT Service Best regards, Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com Nishita Mevada Business Development Executive +1-(646) 300-9756 www.lucentinnovation.com www.lucentinnovation.com https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.lucentinnovation.com%2F&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360374596%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=YNCtGkpMDHCJrjrBX9zDr9bCSomFio9JSRbkJttj%2F0g%3D&reserved=0 https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Flucent-innovation%2F&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360383151%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=qpCxiY3lGrvK94rHmzgKyYguiXTzaKVDsMw1b2DVvd8%3D&reserved=0 https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2F%40lucentinnovation&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360389685%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=LJ9%2BuGghKtbFhDoOM3dB%2BKT2oclfyVnOcY%2B%2F2UriQK0%3D&reserved=0 https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Flucentinnov&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360395889%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=9KGGfiyVZ8kNaqo6e46SucItdrhRDCxgjb1d2iK3REE%3D&reserved=0 https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.instagram.com%2Flucentinnovation%2F&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360401889%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=PaangiWf2PKp1VQcZK93X8VVhRX1xBhpUeodF%2BL4hg4%3D&reserved=0
                                                    Attachments:
                                                    • hbgnj.pdf

                                                    Headers

                                                    Key Value
                                                    Receivedfrom d215-7.smtp-out.sa-east-1.amazonses.com (23.249.215.7) by BL02EPF0001B419.mail.protection.outlook.com (10.167.242.198) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 19:34:10 +0000
                                                    Authentication-Resultsspf=pass (sender IP is 23.249.215.7) smtp.mailfrom=sa-east-1.amazonses.com; dkim=pass (signature was verified) header.d=thelastrockandrollshow.com;dkim=pass (signature was verified) header.d=amazonses.com;dmarc=bestguesspass action=none header.from=thelastrockandrollshow.com;compauth=pass reason=109
                                                    Received-SPFPass (protection.outlook.com: domain of sa-east-1.amazonses.com designates 23.249.215.7 as permitted sender) receiver=protection.outlook.com; client-ip=23.249.215.7; helo=d215-7.smtp-out.sa-east-1.amazonses.com; pr=C
                                                    DKIM-Signaturev=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=fv7jllez2yhyglxtx5rqnvfqw46pb7qy; d=amazonses.com; t=1724441648; h=From:Subject:To:Content-Type:MIME-Version:Date:Message-Id:Feedback-ID; bh=cY4F60HiyOYYFk+iq1qt4fbtOwauMyMsgHNGojgTHic=; b=WGYwSR0NpJSdgWubBeeZTK3GMJhzweGSTmOUfZjQTkD9MyISWCnmF6qQFgZ8ZAYI tJ5F1vLDHT1rMpCaKHcMb2AtfF5NbKxp10jU+8O9vOcWg/jc2Pv94BVLi0Cuc3f3QyL Gyi/jBr5Uknmy3UXSnsyPYvjvFm74EZmdE5/5pr8=
                                                    FromCalls <0pdai@thelastrockandrollshow.com>
                                                    Subjectmessage from 646*__s8mg
                                                    Tocmolina@santaclaraca.gov
                                                    Content-Typemultipart/mixed; boundary="Ara=_UIksI6WOY6SNYe4hwLRVRcSi5OaPC"
                                                    DateFri, 23 Aug 2024 19:34:08 +0000
                                                    Message-ID<0103019180bb5e2c-c3de1408-889a-47c1-abb1-040a30393270-000000@sa-east-1.amazonses.com>
                                                    Feedback-ID::1.sa-east-1.WN/zDQQHy1ewjIrWgwBRdNeIGOfW/KIM5poAfNNFVZI=:AmazonSES
                                                    X-SES-Outgoing2024.08.23-23.249.215.7
                                                    Return-Path 0103019180bb5e2c-c3de1408-889a-47c1-abb1-040a30393270-000000@sa-east-1.amazonses.com
                                                    X-MS-Exchange-Organization-ExpirationStartTime23 Aug 2024 19:34:10.4863 (UTC)
                                                    X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                                                    X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                                                    X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                                                    X-MS-Exchange-Organization-Network-Message-Id c439d18c-2211-4668-1bbb-08dcc3aa8fd7
                                                    X-EOPAttributedMessage0
                                                    X-EOPTenantAttributedMessage28ea3548-1069-4e81-aa0b-6e4b3271a5cb:0
                                                    X-MS-Exchange-Organization-MessageDirectionalityIncoming
                                                    X-MS-PublicTrafficTypeEmail
                                                    X-MS-TrafficTypeDiagnostic BL02EPF0001B419:EE_|DM6PR09MB5014:EE_|SJ0PR09MB6317:EE_
                                                    X-MS-Exchange-Organization-AuthSource BL02EPF0001B419.namprd09.prod.outlook.com
                                                    X-MS-Exchange-Organization-AuthAsAnonymous
                                                    X-MS-Office365-Filtering-Correlation-Idc439d18c-2211-4668-1bbb-08dcc3aa8fd7
                                                    X-MS-Exchange-AtpMessagePropertiesSA|SL
                                                    X-MS-Exchange-Organization-SCL1
                                                    X-Microsoft-Antispam BCL:0;ARA:13230040|32142699015|5063199012|5073199012|1032899013|69100299015|4123199012;
                                                    X-Forefront-Antispam-Report CIP:23.249.215.7;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:d215-7.smtp-out.sa-east-1.amazonses.com;PTR:d215-7.smtp-out.sa-east-1.amazonses.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(32142699015)(5063199012)(5073199012)(1032899013)(69100299015)(4123199012);DIR:INB;SFTY:9.25;
                                                    X-MS-Exchange-CrossTenant-OriginalArrivalTime23 Aug 2024 19:34:10.1426 (UTC)
                                                    X-MS-Exchange-CrossTenant-Network-Message-Idc439d18c-2211-4668-1bbb-08dcc3aa8fd7
                                                    X-MS-Exchange-CrossTenant-Id28ea3548-1069-4e81-aa0b-6e4b3271a5cb
                                                    X-MS-Exchange-CrossTenant-AuthSource BL02EPF0001B419.namprd09.prod.outlook.com
                                                    X-MS-Exchange-CrossTenant-AuthAsAnonymous
                                                    X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
                                                    X-MS-Exchange-Transport-CrossTenantHeadersStampedDM6PR09MB5014
                                                    X-MS-Exchange-Transport-EndToEndLatency00:01:25.6761455
                                                    X-MS-Exchange-Processed-By-BccFoldering15.20.7897.007
                                                    X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                                                    X-Microsoft-Antispam-Message-Info EJsEhdMyFdo1ULnvNwbNqqzmBoYeRBbso20foZHn2DvD158ri3MGNZYOXe6qUAlM6UzHjryZmFWktEfySoHrG+iaTBhRDGmvqGfFFf4f0WUaEq1+vY7eifW2AH3wc/6QDkWNYdvN+P5P3eeqGVGsJ6HcPYUrg5ADsCIOc5l8YsG/pwdG6hGLErRSFm1NbGKA/BFAAZKwYwJ+bt41uGIkFqlemijr4THEjYuRDGrRrSZx7yQ643jygwc7Sa7eEI0+O+xhwVZOL5pW4xg9aE5Nm35StSgUGC/9TwfZIO8Pp4fB9FH6FNlzs8YqNFPVKcQ32MxH5sixX4GDT1HFeG7RhZii+tD+0c9FWPcRfY5UrwdjYmaxGW+N4AX1y6pq/xpsG8h+eSouvvOa3V8IvKZzOquMFKVmqR1cfLN/epLsJwG3zjqmqdYVFH5CNEYayrIkOXDlODUtaaG4auWC4tOtdyzr4w13/yoRarrrGc4SjKFZIJd41B3ou8cPCDIMPYK9oN3XBfCjoh81gwjLwLZvnoPVBR/IEb+zo+EGY4kxQOaN6jrSqLzKvq7oNeR3KL5gfbloDKX/zFVgdpQ0pB+3FeA9g13jJ5Wy5stLKUj2Giev6uKs5A/9sH8L47Zic3xUv+ybwdAF6ppYxt6RjwdvjMTqy8rMn3IE5oAJuNfF5HDryJ5PJz/dqaJN7bGadVmP2j7uFk3xGE1f8pnv9HFiBoQHyvA29x8/ZPMeaBLbApSOm67gUMo7zU7L31MZjHW4lmtfTpmIbTqlaG3YIh+2u9uvCXetdCOoYsJS6S75vbGBmBz4Pxu8UfESqOR7XncYwP44rTiErmKHTQ1PCg7CwmGDpsTgNLDjEJem/vxesIHZIMGY4Xtfvsetz2u77qCz75Xc+J1ILjI7loySI431ZIJABaRm83PwrUoDdIx1HD3v+7qezfekI94liHIlAv1BZBZGbda4U821YgJAO2wLGeT9TE6ig+sZVd4NLidSYKZ70kKKe+4iVjP1ANYFe04VuOCaYKlvA3HFLLxGCa7BorlwTbZVawWHZHiLdKpsCduh4bqjN7BZnKrX0n5xC5kvEKDPRDKuYOq/6pwNXZ19zRz+HtISU0LBOHSilDhC1vEQ6fQJbuZr66WoTZvc1C0TWEdQihfMZkO2Podt+9ohWeO4NzaJ0etdmOBbVQBC+Bnxxhn0fYuKNke6gayO4WBa8YoV0m2tRnUnC2gksqlpVcggA7Xphs+6mYHssZh5K3r8nIAuE6/Zw0EcPQCDunvV4X86ZCAU8gbRT0GPAsOLoc6Vi0alqH3t0YjAok732ii1uqoqI08t1Jhs7HW1SMqoCpfx+LHrCSuG6HOYI8XoufqWNEZZ332vu/8VZpIaVFJn8b6wx3bR3iG+xa6I+U/YOgjvDIQMDbl5m6C+XBU579hWo+rUfVVCGP0QkqrSOt6AWhtV3Bx0Mz0V7wcQ5un2YjmnFc4r2n5vPI5lkEF4YvsVvVJ5MKQf/ibzlWWDTd9hbrTnmsJmmDeue/gWO6UftWbqsrddmdpUuQuuQFLvDEnpTXVBt7Ut70PjGNbFozRkjzmsaaQvxeji1C+7Foxwz3Nkr+H9fjKMLXFBO9qdIM6Gt383wTV+8yD8KCzjvGlowffX4I46Ie0arMhKwhaBkbGnNyFaBlFMOMdlSV+TfrvqzG3shUCWPEDqFRiNgC+UZLJpSNKrRIn4WPcRpYLrYdxbeRf4JruvikHt0IU3MOugL9AgmqT2X5Rt92aidAZ119qWJhf8Gf+J0Q1cyU4HrehsdoA3yifue2LNzbCu1svdX8n3du8I7utJpU7p7F1mvmYp221Evm8Hd6kdGvuQxj4SeYipP1E88Oz9kF784/bWZmBsEV4fg7zR9IeqSQTjfdWaB4nGxH2wjvFetqzCVPgf5bH+jlh2QQUMF+ohgsrzg1/2s+prbI/txgQuD8cMfutRgr/ehuwTAtrdPE9crt7QvtfMzSzYBCGPathaLSnIKUxmYtKPLG0WP1VLgnS03xDfwnHsU0BC3aGQqpRx/LA3eXGDDCdNNoUEQ15ik7FlryaQm48F/tLxAlOCHc64bJ0542nG/kF+yzxq0fMlgNQeZW2NCmu+jUSqB4W1AytHeG+FCvbzeS5I7BDutrA=
                                                    MIME-Version1.0

                                                    File Icon

                                                    Icon Hash:46070c0a8e0c67d6

                                                    Network Behavior

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Aug 27, 2024 20:14:13.662786007 CEST44349699184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:14:13.662966013 CEST49699443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:14:13.666161060 CEST49699443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:14:13.666168928 CEST44349699184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:14:13.666511059 CEST44349699184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:14:13.681243896 CEST49699443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:14:13.728493929 CEST44349699184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:14:13.938363075 CEST44349699184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:14:13.938452959 CEST44349699184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:14:13.938541889 CEST49699443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:14:13.939842939 CEST49699443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:14:13.939872026 CEST44349699184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:14:13.939884901 CEST49699443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:14:13.939893007 CEST44349699184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:14:19.446929932 CEST49673443192.168.2.18204.79.197.203
                                                    Aug 27, 2024 20:14:19.746634960 CEST49673443192.168.2.18204.79.197.203
                                                    Aug 27, 2024 20:14:20.348654985 CEST49673443192.168.2.18204.79.197.203
                                                    Aug 27, 2024 20:14:21.563656092 CEST49673443192.168.2.18204.79.197.203
                                                    Aug 27, 2024 20:14:23.973705053 CEST49673443192.168.2.18204.79.197.203
                                                    Aug 27, 2024 20:14:24.167237043 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:24.167280912 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:24.167360067 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:24.169096947 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:24.169111967 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.085295916 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.085387945 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.120784998 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.120803118 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.121079922 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.122414112 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.122451067 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.122473955 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.498301029 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.498327971 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.498367071 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.498434067 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.498461008 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.498473883 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.498761892 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.498815060 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.498972893 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.498989105 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.498999119 CEST49704443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.499003887 CEST4434970420.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.627721071 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.627756119 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:25.627836943 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.627988100 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:25.628000021 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.408915043 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.409782887 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.409800053 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.410862923 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.410867929 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.410957098 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.410970926 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.562308073 CEST49679443192.168.2.1852.182.141.63
                                                    Aug 27, 2024 20:14:26.766370058 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.766397953 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.766437054 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.766489029 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.766510010 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.766539097 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.766694069 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.766741991 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.766917944 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.766936064 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.766947031 CEST49705443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.766952038 CEST4434970520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.851612091 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.851663113 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.851772070 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.852039099 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:26.852055073 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:26.864715099 CEST49679443192.168.2.1852.182.141.63
                                                    Aug 27, 2024 20:14:27.319108009 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:27.319156885 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:27.319248915 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:27.320321083 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:27.320338964 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:27.471765041 CEST49679443192.168.2.1852.182.141.63
                                                    Aug 27, 2024 20:14:27.682547092 CEST49708443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:27.682604074 CEST4434970840.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:27.682739973 CEST49708443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:27.683680058 CEST49708443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:27.683696985 CEST4434970840.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:27.890099049 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:27.890180111 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:27.892925024 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:27.892942905 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:27.893197060 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:27.893698931 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:27.893798113 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:27.893821001 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.143474102 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.143563032 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.145438910 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.145448923 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.145760059 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.191701889 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.214214087 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.256506920 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.314697981 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.314723969 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.314763069 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.314806938 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.314827919 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.314843893 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.315239906 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.315287113 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.315435886 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.315454960 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.315480947 CEST49706443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.315486908 CEST4434970620.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.403337002 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.403377056 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.403469086 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.403729916 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.403742075 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.469773054 CEST4434970840.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:28.469861984 CEST49708443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:28.472079039 CEST49708443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:28.472091913 CEST4434970840.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:28.472382069 CEST4434970840.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:28.481234074 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.481282949 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.481302023 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.481317043 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.481350899 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.481360912 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.481378078 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.481390953 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.481403112 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.481441021 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.482007027 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.482171059 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.482177019 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.482249975 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.482325077 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.520551920 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.520577908 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.520601034 CEST49707443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:14:28.520606995 CEST4434970740.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:14:28.521888018 CEST49708443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:28.521981001 CEST4434970840.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:28.522052050 CEST49708443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:28.608460903 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.608504057 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.608673096 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.610002995 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:28.610018015 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:28.682733059 CEST49679443192.168.2.1852.182.141.63
                                                    Aug 27, 2024 20:14:28.778748989 CEST49673443192.168.2.18204.79.197.203
                                                    Aug 27, 2024 20:14:29.166676044 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.167884111 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.167901993 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.168894053 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.168906927 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.168962955 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.168972015 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.372425079 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.372520924 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.381206989 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.381221056 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.381635904 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.382234097 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.382303953 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.382340908 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.464972973 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.464997053 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.465034008 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.465086937 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.465250015 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.465250015 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.465791941 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.465791941 CEST49709443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.465810061 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.465820074 CEST4434970920.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.761285067 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.761308908 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.761351109 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.761418104 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.761432886 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.761449099 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.761929989 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.761929989 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.762092113 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.762130022 CEST4434971020.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:14:29.762193918 CEST49710443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:14:29.830774069 CEST49712443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:29.830832958 CEST4434971240.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:29.830929041 CEST49712443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:29.831218958 CEST49712443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:29.831232071 CEST4434971240.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:30.646452904 CEST4434971240.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:30.646538973 CEST49712443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:30.647943974 CEST49712443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:30.647964954 CEST4434971240.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:30.648255110 CEST4434971240.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:30.649481058 CEST49712443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:30.649534941 CEST4434971240.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:30.649681091 CEST4434971240.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:30.649739981 CEST49712443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:30.649760962 CEST49712443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:30.720685005 CEST49713443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:30.720722914 CEST4434971340.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:30.720830917 CEST49713443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:30.721101999 CEST49713443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:30.721113920 CEST4434971340.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:31.083739996 CEST49679443192.168.2.1852.182.141.63
                                                    Aug 27, 2024 20:14:31.507987976 CEST4434971340.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:31.508084059 CEST49713443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:31.509409904 CEST49713443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:31.509421110 CEST4434971340.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:31.509668112 CEST4434971340.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:31.511013031 CEST49713443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:31.511055946 CEST4434971340.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:31.511166096 CEST4434971340.127.240.158192.168.2.18
                                                    Aug 27, 2024 20:14:31.511218071 CEST49713443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:31.511234999 CEST49713443192.168.2.1840.127.240.158
                                                    Aug 27, 2024 20:14:31.581764936 CEST49714443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:31.581803083 CEST4434971451.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:31.581907988 CEST49714443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:31.582197905 CEST49714443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:31.582205057 CEST4434971451.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:31.659009933 CEST49714443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:31.731950998 CEST49715443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:31.732001066 CEST4434971551.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:31.732093096 CEST49715443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:31.732431889 CEST49715443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:31.732451916 CEST4434971551.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:32.515949965 CEST4434971551.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:32.516107082 CEST49715443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:32.517453909 CEST49715443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:32.517465115 CEST4434971551.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:32.517740011 CEST4434971551.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:32.519121885 CEST49715443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:32.519160986 CEST4434971551.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:32.519241095 CEST49715443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:32.790663958 CEST49716443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:32.790709019 CEST4434971651.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:32.790857077 CEST49716443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:32.791134119 CEST49716443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:32.791142941 CEST4434971651.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:33.889637947 CEST4434971651.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:33.889858961 CEST49716443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:33.891633034 CEST49716443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:33.891644955 CEST4434971651.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:33.891901970 CEST4434971651.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:33.893115997 CEST49716443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:33.893146992 CEST4434971651.104.136.2192.168.2.18
                                                    Aug 27, 2024 20:14:33.893225908 CEST49716443192.168.2.1851.104.136.2
                                                    Aug 27, 2024 20:14:35.544934988 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:35.544985056 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:35.545063972 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:35.545372963 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:35.545412064 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:35.545778036 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:35.545798063 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:35.545866966 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:35.546026945 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:35.546039104 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:35.883765936 CEST49679443192.168.2.1852.182.141.63
                                                    Aug 27, 2024 20:14:36.115695953 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.115993023 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.116034985 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.116940975 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.117125034 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.117157936 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.117173910 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.117248058 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.118149042 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.118222952 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.118263960 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.118316889 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.118326902 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.119117975 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.119187117 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.160501957 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.171775103 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.171798944 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.171799898 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.171847105 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.219750881 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.219789028 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.812783957 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.812819004 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.812829018 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.812882900 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.812912941 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.813117027 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.813189983 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.813819885 CEST49720443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.813839912 CEST44349720104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.826584101 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.828233004 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.828274012 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.828473091 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.828713894 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.828726053 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.872492075 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.930423021 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.930444956 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.930516958 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.930532932 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.930569887 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.934061050 CEST49721443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.934077978 CEST44349721104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.936580896 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.936626911 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:36.936693907 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.936961889 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:36.936978102 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.404599905 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.405102015 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.405123949 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.405486107 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.405816078 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.405879021 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.406115055 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.452491999 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.510299921 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.510322094 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.510380983 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.510399103 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.510416031 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.510467052 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.511904955 CEST49722443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.511925936 CEST44349722104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.534044981 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.534301996 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.534327984 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.534775019 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.535120010 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.535250902 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.535269976 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.560585022 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.560636044 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.560724020 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.560985088 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.561002970 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.576513052 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.582775116 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.659075975 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.659097910 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.659106970 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.659118891 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.659159899 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.659174919 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.659224033 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.659252882 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.659279108 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.742507935 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.742563009 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.742603064 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.742616892 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.742655993 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.742887020 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.742904902 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.742965937 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.742971897 CEST44349723104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.743016958 CEST49723443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.746650934 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.746680975 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:37.746783018 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.747071981 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:37.747087002 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.139547110 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.139837027 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.139858007 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.140934944 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.141004086 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.141299009 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.141351938 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.141438007 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.141444921 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.199747086 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.245250940 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.245275974 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.245362043 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.245376110 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.245778084 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.246212006 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.246393919 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.246409893 CEST44349725104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.246429920 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.246457100 CEST49725443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.333655119 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.335093975 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.335113049 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.336374044 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.336425066 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.337445974 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.337563038 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.337591887 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.380507946 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.386842012 CEST49673443192.168.2.18204.79.197.203
                                                    Aug 27, 2024 20:14:38.386995077 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.387008905 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.434786081 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.441103935 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.441143990 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.441150904 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.441191912 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.441195965 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.441205978 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.441215992 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.441245079 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.441267967 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.441267967 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.441293001 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.527534962 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.527575970 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.527621031 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.527646065 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.527671099 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:38.527693033 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.527740002 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.527909994 CEST49726443192.168.2.18104.47.64.28
                                                    Aug 27, 2024 20:14:38.527925968 CEST44349726104.47.64.28192.168.2.18
                                                    Aug 27, 2024 20:14:39.853126049 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:39.853195906 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:39.855467081 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:39.855665922 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:39.855691910 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:40.509680986 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:40.529064894 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:40.529097080 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:40.530354977 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:40.530412912 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:40.553080082 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:40.553252935 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:40.601814985 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:40.601835966 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:40.653331995 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:41.055794954 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.055844069 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.055993080 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.058542967 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.058563948 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.629205942 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.629303932 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.688595057 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.688611031 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.688882113 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.688930988 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.691168070 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.732494116 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.816546917 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.816584110 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.816633940 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.816658020 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.816673994 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.816696882 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.816818953 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.816864014 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.816869020 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.816903114 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.817481995 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.817609072 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.817612886 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.817643881 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.818200111 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.818238020 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.818240881 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.818250895 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.818283081 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.818934917 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.818977118 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.818983078 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.819016933 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.819020987 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.819047928 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:41.819052935 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.819084883 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.819926977 CEST49730443192.168.2.1813.107.5.88
                                                    Aug 27, 2024 20:14:41.819940090 CEST4434973013.107.5.88192.168.2.18
                                                    Aug 27, 2024 20:14:44.766258001 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:44.766293049 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:44.766371012 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:44.766736984 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:44.766748905 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:45.497842073 CEST49679443192.168.2.1852.182.141.63
                                                    Aug 27, 2024 20:14:46.105473995 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:46.105552912 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:46.108959913 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:46.108973980 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:46.109082937 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:46.109092951 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:46.109277964 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:46.109348059 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:46.652199030 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:46.652272940 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:46.652286053 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:46.652476072 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:46.653507948 CEST49732443192.168.2.1820.44.239.154
                                                    Aug 27, 2024 20:14:46.653526068 CEST4434973220.44.239.154192.168.2.18
                                                    Aug 27, 2024 20:14:50.423590899 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:50.423651934 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:14:50.423713923 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:51.441937923 CEST49728443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:14:51.441967010 CEST44349728142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:05.086698055 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:05.086802959 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:05.086896896 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:05.087414026 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:05.087457895 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:05.871903896 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:05.871990919 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:05.873790979 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:05.873800993 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:05.874043941 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:05.875539064 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:05.916503906 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.198446035 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.198472023 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.198487997 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.198549986 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:06.198579073 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.198623896 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:06.199542999 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.199580908 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.199604988 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:06.199615955 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.199657917 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:06.199810028 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.199851036 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:06.199865103 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.199908018 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:06.201674938 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:06.201694012 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:06.201720953 CEST49739443192.168.2.1840.127.169.103
                                                    Aug 27, 2024 20:15:06.201726913 CEST4434973940.127.169.103192.168.2.18
                                                    Aug 27, 2024 20:15:39.899476051 CEST49744443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:15:39.899533987 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:39.899629116 CEST49744443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:15:39.899859905 CEST49744443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:15:39.899874926 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:40.529738903 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:40.530169964 CEST49744443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:15:40.530193090 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:40.530745983 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:40.533816099 CEST49744443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:15:40.533967018 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:40.583283901 CEST49744443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:15:50.441626072 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:50.441843033 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:50.441922903 CEST49744443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:15:51.451917887 CEST49744443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:15:51.451956987 CEST44349744142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:15:52.153608084 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:52.153650045 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:52.153795958 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:52.154067039 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:52.154078960 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.227628946 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.228688002 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:53.228712082 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.235389948 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:53.235389948 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:53.235409021 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.235429049 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.563088894 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.563110113 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.563235044 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:53.563241959 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.563266993 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.563437939 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.563481092 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:53.563481092 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:53.563811064 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:53.563811064 CEST49745443192.168.2.1820.190.159.71
                                                    Aug 27, 2024 20:15:53.563827038 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.563833952 CEST4434974520.190.159.71192.168.2.18
                                                    Aug 27, 2024 20:15:53.749022961 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:53.749048948 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:53.749147892 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:53.751039028 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:53.751049042 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.288357973 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.288604021 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:54.305769920 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:54.305814981 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.306194067 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.306274891 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:54.308571100 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:54.308623075 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.723329067 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.723381996 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.723419905 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:54.723442078 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.723453045 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:15:54.723486900 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:54.723557949 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:54.726975918 CEST49746443192.168.2.18104.93.21.160
                                                    Aug 27, 2024 20:15:54.726994991 CEST44349746104.93.21.160192.168.2.18
                                                    Aug 27, 2024 20:16:01.791796923 CEST49698443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:16:02.092385054 CEST49698443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:16:02.276565075 CEST44349698184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:16:02.277468920 CEST44349698184.28.90.27192.168.2.18
                                                    Aug 27, 2024 20:16:02.277678013 CEST49698443192.168.2.18184.28.90.27
                                                    Aug 27, 2024 20:16:39.954797029 CEST49748443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:16:39.954853058 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:16:39.954921007 CEST49748443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:16:39.955255032 CEST49748443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:16:39.955271959 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:16:40.593678951 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:16:40.597903013 CEST49748443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:16:40.597933054 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:16:40.598515987 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:16:40.601906061 CEST49748443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:16:40.602009058 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:16:40.653896093 CEST49748443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:16:50.511962891 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:16:50.512065887 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:16:50.517965078 CEST49748443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:16:51.445614100 CEST49748443192.168.2.18142.250.185.132
                                                    Aug 27, 2024 20:16:51.445646048 CEST44349748142.250.185.132192.168.2.18
                                                    Aug 27, 2024 20:18:57.677637100 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:57.677675962 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:57.677747965 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:57.678083897 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:57.678098917 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:58.393644094 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:58.393718958 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.413423061 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.413454056 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:58.413852930 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:58.413922071 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.414400101 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.414400101 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.414432049 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:58.572915077 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:58.572988033 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.573020935 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:58.573087931 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.573088884 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:18:58.573137999 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.573791027 CEST49750443192.168.2.1852.182.143.211
                                                    Aug 27, 2024 20:18:58.573805094 CEST4434975052.182.143.211192.168.2.18
                                                    Aug 27, 2024 20:20:25.506674051 CEST49762443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:25.506700039 CEST4434976252.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:25.506805897 CEST49762443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:25.510159016 CEST49762443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:25.510170937 CEST4434976252.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.137264013 CEST4434976252.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.137366056 CEST49762443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.138926983 CEST49762443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.138935089 CEST4434976252.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.139209986 CEST4434976252.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.191241980 CEST49762443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.191320896 CEST4434976252.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.191376925 CEST49762443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.357636929 CEST49763443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.357667923 CEST4434976352.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.357755899 CEST49763443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.357999086 CEST49763443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.358009100 CEST4434976352.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.976463079 CEST4434976352.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.976567030 CEST49763443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.977699995 CEST49763443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.977708101 CEST4434976352.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.977991104 CEST4434976352.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.983136892 CEST49763443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.983175993 CEST4434976352.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.983346939 CEST4434976352.167.249.196192.168.2.18
                                                    Aug 27, 2024 20:20:26.983370066 CEST49763443192.168.2.1852.167.249.196
                                                    Aug 27, 2024 20:20:26.983830929 CEST49763443192.168.2.1852.167.249.196

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Aug 27, 2024 20:14:35.152723074 CEST5857753192.168.2.181.1.1.1
                                                    Aug 27, 2024 20:14:35.153012037 CEST5284553192.168.2.181.1.1.1
                                                    Aug 27, 2024 20:14:35.529606104 CEST53614511.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:35.530787945 CEST53534061.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:35.543675900 CEST53528451.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:35.544373989 CEST53585771.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:36.277344942 CEST53578431.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:37.531265020 CEST5359753192.168.2.181.1.1.1
                                                    Aug 27, 2024 20:14:37.531408072 CEST5165253192.168.2.181.1.1.1
                                                    Aug 27, 2024 20:14:37.548350096 CEST53516521.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:37.559914112 CEST53535971.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:39.843416929 CEST6041753192.168.2.181.1.1.1
                                                    Aug 27, 2024 20:14:39.843656063 CEST5889953192.168.2.181.1.1.1
                                                    Aug 27, 2024 20:14:39.850649118 CEST53604171.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:39.850961924 CEST53588991.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:14:53.193855047 CEST53508611.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:15:11.928199053 CEST53588861.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:15:26.773235083 CEST138138192.168.2.18192.168.2.255
                                                    Aug 27, 2024 20:15:35.372416019 CEST53499721.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:15:35.373769045 CEST53562351.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:16:03.219713926 CEST53609741.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:16:13.376192093 CEST137137192.168.2.18192.168.2.255
                                                    Aug 27, 2024 20:16:14.134530067 CEST137137192.168.2.18192.168.2.255
                                                    Aug 27, 2024 20:16:14.898639917 CEST137137192.168.2.18192.168.2.255
                                                    Aug 27, 2024 20:16:49.275605917 CEST53540461.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:18:00.537563086 CEST53624921.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:19:28.495908022 CEST138138192.168.2.18192.168.2.255
                                                    Aug 27, 2024 20:20:13.408668995 CEST53645141.1.1.1192.168.2.18
                                                    Aug 27, 2024 20:20:13.417269945 CEST53610201.1.1.1192.168.2.18

                                                    ICMP Packets

                                                    TimestampSource IPDest IPChecksumCodeType
                                                    Aug 27, 2024 20:20:13.425174952 CEST192.168.2.181.1.1.1c22f(Port unreachable)Destination Unreachable

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Aug 27, 2024 20:14:35.152723074 CEST192.168.2.181.1.1.10xb35dStandard query (0)gcc02.safelinks.protection.outlook.comA (IP address)IN (0x0001)false
                                                    Aug 27, 2024 20:14:35.153012037 CEST192.168.2.181.1.1.10x9882Standard query (0)gcc02.safelinks.protection.outlook.com65IN (0x0001)false
                                                    Aug 27, 2024 20:14:37.531265020 CEST192.168.2.181.1.1.10xa364Standard query (0)gcc02.safelinks.protection.outlook.comA (IP address)IN (0x0001)false
                                                    Aug 27, 2024 20:14:37.531408072 CEST192.168.2.181.1.1.10x44ffStandard query (0)gcc02.safelinks.protection.outlook.com65IN (0x0001)false
                                                    Aug 27, 2024 20:14:39.843416929 CEST192.168.2.181.1.1.10x634dStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                    Aug 27, 2024 20:14:39.843656063 CEST192.168.2.181.1.1.10xfa3cStandard query (0)www.google.com65IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Aug 27, 2024 20:14:35.543675900 CEST1.1.1.1192.168.2.180x9882No error (0)gcc02.safelinks.protection.outlook.comgcc02.safelinks.eop-tm2.outlook.comCNAME (Canonical name)IN (0x0001)false
                                                    Aug 27, 2024 20:14:35.544373989 CEST1.1.1.1192.168.2.180xb35dNo error (0)gcc02.safelinks.protection.outlook.comgcc02.safelinks.eop-tm2.outlook.comCNAME (Canonical name)IN (0x0001)false
                                                    Aug 27, 2024 20:14:35.544373989 CEST1.1.1.1192.168.2.180xb35dNo error (0)gcc02.safelinks.eop-tm2.outlook.com104.47.64.28A (IP address)IN (0x0001)false
                                                    Aug 27, 2024 20:14:35.544373989 CEST1.1.1.1192.168.2.180xb35dNo error (0)gcc02.safelinks.eop-tm2.outlook.com104.47.65.28A (IP address)IN (0x0001)false
                                                    Aug 27, 2024 20:14:37.548350096 CEST1.1.1.1192.168.2.180x44ffNo error (0)gcc02.safelinks.protection.outlook.comgcc02.safelinks.eop-tm2.outlook.comCNAME (Canonical name)IN (0x0001)false
                                                    Aug 27, 2024 20:14:37.559914112 CEST1.1.1.1192.168.2.180xa364No error (0)gcc02.safelinks.protection.outlook.comgcc02.safelinks.eop-tm2.outlook.comCNAME (Canonical name)IN (0x0001)false
                                                    Aug 27, 2024 20:14:37.559914112 CEST1.1.1.1192.168.2.180xa364No error (0)gcc02.safelinks.eop-tm2.outlook.com104.47.64.28A (IP address)IN (0x0001)false
                                                    Aug 27, 2024 20:14:37.559914112 CEST1.1.1.1192.168.2.180xa364No error (0)gcc02.safelinks.eop-tm2.outlook.com104.47.65.28A (IP address)IN (0x0001)false
                                                    Aug 27, 2024 20:14:39.850649118 CEST1.1.1.1192.168.2.180x634dNo error (0)www.google.com142.250.185.132A (IP address)IN (0x0001)false
                                                    Aug 27, 2024 20:14:39.850961924 CEST1.1.1.1192.168.2.180xfa3cNo error (0)www.google.com65IN (0x0001)false

                                                    HTTP Request Dependency Graph

                                                    • fs.microsoft.com
                                                    • login.live.com
                                                    • slscr.update.microsoft.com
                                                    • gcc02.safelinks.protection.outlook.com
                                                    • https:
                                                    • outlookmobile-office365-tas.msedge.net
                                                    • settings.data.microsoft.com
                                                    • www.bing.com
                                                    • self.events.data.microsoft.com

                                                    HTTPS Proxied Packets

                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                    0192.168.2.1849699184.28.90.27443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:13 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                    Connection: Keep-Alive
                                                    Accept: */*
                                                    Accept-Encoding: identity
                                                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                    Range: bytes=0-2147483646
                                                    User-Agent: Microsoft BITS/7.8
                                                    Host: fs.microsoft.com
                                                    2024-08-27 18:14:13 UTC514INHTTP/1.1 200 OK
                                                    ApiVersion: Distribute 1.1
                                                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                    Content-Type: application/octet-stream
                                                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                    Server: ECAcc (lpl/EF06)
                                                    X-CID: 11
                                                    X-Ms-ApiVersion: Distribute 1.2
                                                    X-Ms-Region: prod-weu-z1
                                                    Cache-Control: public, max-age=81087
                                                    Date: Tue, 27 Aug 2024 18:14:13 GMT
                                                    Content-Length: 55
                                                    Connection: close
                                                    X-CID: 2
                                                    2024-08-27 18:14:13 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    1192.168.2.184970420.190.159.71443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:25 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                    Connection: Keep-Alive
                                                    Content-Type: application/soap+xml
                                                    Accept: */*
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                    Content-Length: 3592
                                                    Host: login.live.com
                                                    2024-08-27 18:14:25 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                    2024-08-27 18:14:25 UTC569INHTTP/1.1 200 OK
                                                    Cache-Control: no-store, no-cache
                                                    Pragma: no-cache
                                                    Content-Type: application/soap+xml; charset=utf-8
                                                    Expires: Tue, 27 Aug 2024 18:13:25 GMT
                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                    x-ms-route-info: C539_SN1
                                                    x-ms-request-id: 8d2f9d56-8d68-42f3-8ad3-78fa00f6f781
                                                    PPServer: PPV: 30 H: SN1PEPF0002F92A V: 0
                                                    X-Content-Type-Options: nosniff
                                                    Strict-Transport-Security: max-age=31536000
                                                    X-XSS-Protection: 1; mode=block
                                                    Date: Tue, 27 Aug 2024 18:14:25 GMT
                                                    Connection: close
                                                    Content-Length: 11389
                                                    2024-08-27 18:14:25 UTC11389INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    2192.168.2.184970520.190.159.71443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:26 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                    Connection: Keep-Alive
                                                    Content-Type: application/soap+xml
                                                    Accept: */*
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                    Content-Length: 4775
                                                    Host: login.live.com
                                                    2024-08-27 18:14:26 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                    2024-08-27 18:14:26 UTC569INHTTP/1.1 200 OK
                                                    Cache-Control: no-store, no-cache
                                                    Pragma: no-cache
                                                    Content-Type: application/soap+xml; charset=utf-8
                                                    Expires: Tue, 27 Aug 2024 18:13:26 GMT
                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                    x-ms-route-info: C539_SN1
                                                    x-ms-request-id: 39429f83-45b3-45f7-801d-66cde48cbe78
                                                    PPServer: PPV: 30 H: SN1PEPF0003F94E V: 0
                                                    X-Content-Type-Options: nosniff
                                                    Strict-Transport-Security: max-age=31536000
                                                    X-XSS-Protection: 1; mode=block
                                                    Date: Tue, 27 Aug 2024 18:14:26 GMT
                                                    Connection: close
                                                    Content-Length: 11369
                                                    2024-08-27 18:14:26 UTC11369INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    3192.168.2.184970620.190.159.71443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:27 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                    Connection: Keep-Alive
                                                    Content-Type: application/soap+xml
                                                    Accept: */*
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                    Content-Length: 4775
                                                    Host: login.live.com
                                                    2024-08-27 18:14:27 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                    2024-08-27 18:14:28 UTC569INHTTP/1.1 200 OK
                                                    Cache-Control: no-store, no-cache
                                                    Pragma: no-cache
                                                    Content-Type: application/soap+xml; charset=utf-8
                                                    Expires: Tue, 27 Aug 2024 18:13:28 GMT
                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                    x-ms-route-info: C539_BAY
                                                    x-ms-request-id: 2496f86e-daa8-4a46-8b78-cfeabbcb3557
                                                    PPServer: PPV: 30 H: PH1PEPF00011CDC V: 0
                                                    X-Content-Type-Options: nosniff
                                                    Strict-Transport-Security: max-age=31536000
                                                    X-XSS-Protection: 1; mode=block
                                                    Date: Tue, 27 Aug 2024 18:14:27 GMT
                                                    Connection: close
                                                    Content-Length: 11409
                                                    2024-08-27 18:14:28 UTC11409INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    4192.168.2.184970740.127.169.103443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:28 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rCdCH473Gw42DEk&MD=dhXPOHoK HTTP/1.1
                                                    Connection: Keep-Alive
                                                    Accept: */*
                                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                    Host: slscr.update.microsoft.com
                                                    2024-08-27 18:14:28 UTC560INHTTP/1.1 200 OK
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Content-Type: application/octet-stream
                                                    Expires: -1
                                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                    ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                    MS-CorrelationId: d8a31b19-f14a-4f1a-ba23-f525e6a31662
                                                    MS-RequestId: edead88f-c8bc-4079-abfb-92e45becb9c2
                                                    MS-CV: JhBZDFoJzUu2D2GS.0
                                                    X-Microsoft-SLSClientCache: 2880
                                                    Content-Disposition: attachment; filename=environment.cab
                                                    X-Content-Type-Options: nosniff
                                                    Date: Tue, 27 Aug 2024 18:14:27 GMT
                                                    Connection: close
                                                    Content-Length: 24490
                                                    2024-08-27 18:14:28 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                    Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                    2024-08-27 18:14:28 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                    Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    5192.168.2.184970920.190.159.71443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:29 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                    Connection: Keep-Alive
                                                    Content-Type: application/soap+xml
                                                    Accept: */*
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                    Content-Length: 4762
                                                    Host: login.live.com
                                                    2024-08-27 18:14:29 UTC4762OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                    2024-08-27 18:14:29 UTC569INHTTP/1.1 200 OK
                                                    Cache-Control: no-store, no-cache
                                                    Pragma: no-cache
                                                    Content-Type: application/soap+xml; charset=utf-8
                                                    Expires: Tue, 27 Aug 2024 18:13:29 GMT
                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                    x-ms-route-info: C539_SN1
                                                    x-ms-request-id: 8d00ba9e-fbec-477c-a95c-f05d0167ba28
                                                    PPServer: PPV: 30 H: SN1PEPF00040151 V: 0
                                                    X-Content-Type-Options: nosniff
                                                    Strict-Transport-Security: max-age=31536000
                                                    X-XSS-Protection: 1; mode=block
                                                    Date: Tue, 27 Aug 2024 18:14:28 GMT
                                                    Connection: close
                                                    Content-Length: 10197
                                                    2024-08-27 18:14:29 UTC10197INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    6192.168.2.184971020.190.159.71443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:29 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                    Connection: Keep-Alive
                                                    Content-Type: application/soap+xml
                                                    Accept: */*
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                    Content-Length: 4710
                                                    Host: login.live.com
                                                    2024-08-27 18:14:29 UTC4710OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                    2024-08-27 18:14:29 UTC569INHTTP/1.1 200 OK
                                                    Cache-Control: no-store, no-cache
                                                    Pragma: no-cache
                                                    Content-Type: application/soap+xml; charset=utf-8
                                                    Expires: Tue, 27 Aug 2024 18:13:29 GMT
                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                    x-ms-route-info: C539_BL2
                                                    x-ms-request-id: 406de9b8-a0ce-49a0-b028-2429252178ca
                                                    PPServer: PPV: 30 H: BL02EPF0001D918 V: 0
                                                    X-Content-Type-Options: nosniff
                                                    Strict-Transport-Security: max-age=31536000
                                                    X-XSS-Protection: 1; mode=block
                                                    Date: Tue, 27 Aug 2024 18:14:28 GMT
                                                    Connection: close
                                                    Content-Length: 10173
                                                    2024-08-27 18:14:29 UTC10173INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    7192.168.2.1849720104.47.64.28443816C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:36 UTC1282OUTGET /?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0 HTTP/1.1
                                                    Host: gcc02.safelinks.protection.outlook.com
                                                    Connection: keep-alive
                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                    sec-ch-ua-mobile: ?0
                                                    sec-ch-ua-platform: "Windows"
                                                    Upgrade-Insecure-Requests: 1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                    Sec-Fetch-Site: none
                                                    Sec-Fetch-Mode: navigate
                                                    Sec-Fetch-User: ?1
                                                    Sec-Fetch-Dest: document
                                                    Accept-Encoding: gzip, deflate, br
                                                    Accept-Language: en-US,en;q=0.9
                                                    2024-08-27 18:14:36 UTC538INHTTP/1.1 200 OK
                                                    Cache-Control: private
                                                    Content-Type: text/html; charset=utf-8
                                                    Server: Microsoft-IIS/10.0
                                                    X-AspNetMvc-Version: 4.0
                                                    X-SL-GetUrlReputation-Verdict: Bad
                                                    X-Robots-Tag: noindex, nofollow
                                                    X-AspNet-Version: 4.0.30319
                                                    X-ServerName: BL0GCC02WS021
                                                    X-ServerVersion: 15.20.7897.023
                                                    X-ServerLat: 512
                                                    X-SafeLinks-Tracking-Id: 8839eb40-97b2-4199-a974-08dcc6c41bca
                                                    X-Powered-By: ASP.NET
                                                    X-Content-Type-Options: nosniff
                                                    X-UA-Compatible: IE=Edge
                                                    Date: Tue, 27 Aug 2024 18:14:36 GMT
                                                    Connection: close
                                                    Content-Length: 5702
                                                    2024-08-27 18:14:36 UTC5702INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 69 63 72 6f 73 6f 66 74 20 44 65 66 65 6e 64 65 72 20 66 6f 72 20 4f 66 66 69 63 65 20 33 36 35 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 61 6d 65 2d 6f 72 69 67 69 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 2c
                                                    Data Ascii: <!doctype html><html><head> <meta charset="UTF-8"> <title>Microsoft Defender for Office 365</title> <meta name="referrer" content="same-origin" /> <meta name="robots" content="noindex,nofollow" /> <link rel="icon" href="data:,


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    8192.168.2.1849721104.47.64.28443816C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:36 UTC1207OUTGET /Content/Scripts/safelinksv2.css HTTP/1.1
                                                    Host: gcc02.safelinks.protection.outlook.com
                                                    Connection: keep-alive
                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                    sec-ch-ua-mobile: ?0
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                    sec-ch-ua-platform: "Windows"
                                                    Accept: text/css,*/*;q=0.1
                                                    Sec-Fetch-Site: same-origin
                                                    Sec-Fetch-Mode: no-cors
                                                    Sec-Fetch-Dest: style
                                                    Referer: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0
                                                    Accept-Encoding: gzip, deflate, br
                                                    Accept-Language: en-US,en;q=0.9
                                                    2024-08-27 18:14:36 UTC465INHTTP/1.1 200 OK
                                                    Content-Type: text/css
                                                    Last-Modified: Fri, 23 Aug 2024 10:44:56 GMT
                                                    Accept-Ranges: bytes
                                                    ETag: "043a7e49f5da1:0"
                                                    Server: Microsoft-IIS/10.0
                                                    X-ServerName: BL0GCC02WS030
                                                    X-ServerVersion: 15.20.7897.023
                                                    X-ServerLat: 0
                                                    X-SafeLinks-Tracking-Id: 299aef33-20b0-4a29-8553-08dcc6c41c32
                                                    X-Powered-By: ASP.NET
                                                    X-Content-Type-Options: nosniff
                                                    X-UA-Compatible: IE=Edge
                                                    Date: Tue, 27 Aug 2024 18:14:36 GMT
                                                    Connection: close
                                                    Content-Length: 3932
                                                    2024-08-27 18:14:36 UTC3932INData Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0d 0a 2f 2a 20 43 53 53 20 44 6f 63 75 6d 65 6e 74 20 2a 2f 0d 0a 0d 0a 62 6f 64 79 7b 0d 0a 09 6d 61 72 67 69 6e 3a 30 70 78 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 64 69 76 7b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 0d 0a 7d 0d 0a 0d 0a 23 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 5f 63 6f 6e 74 61 69 6e 65 72 7b 0d 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 7d 0d 0a 0d 0a 23 69 63 6f 6e 20 69 6d 67 20 7b 0d 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 34 30 70 78 3b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 70 78 3b 0d 0a 7d 0d 0a 0d 0a 23 75 72 6c 20 7b 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f
                                                    Data Ascii: @charset "UTF-8";/* CSS Document */body{margin:0px;padding:0px;}div{ text-align:left;}#recommendation_container{width:100%;}#icon img {margin-left: 40px;margin-top: 45px;}#url {height: 32px;background-co


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    9192.168.2.1849722104.47.64.28443816C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:37 UTC1185OUTGET /Content/Scripts/site.js HTTP/1.1
                                                    Host: gcc02.safelinks.protection.outlook.com
                                                    Connection: keep-alive
                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                    sec-ch-ua-mobile: ?0
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                    sec-ch-ua-platform: "Windows"
                                                    Accept: */*
                                                    Sec-Fetch-Site: same-origin
                                                    Sec-Fetch-Mode: no-cors
                                                    Sec-Fetch-Dest: script
                                                    Referer: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0
                                                    Accept-Encoding: gzip, deflate, br
                                                    Accept-Language: en-US,en;q=0.9
                                                    2024-08-27 18:14:37 UTC479INHTTP/1.1 200 OK
                                                    Content-Type: application/javascript
                                                    Last-Modified: Fri, 23 Aug 2024 10:44:56 GMT
                                                    Accept-Ranges: bytes
                                                    ETag: "043a7e49f5da1:0"
                                                    Server: Microsoft-IIS/10.0
                                                    X-ServerName: BL0GCC02WS013
                                                    X-ServerVersion: 15.20.7897.023
                                                    X-ServerLat: 0
                                                    X-SafeLinks-Tracking-Id: d2aa7ffc-7cf9-4997-5b51-08dcc6c41c8b
                                                    X-Powered-By: ASP.NET
                                                    X-Content-Type-Options: nosniff
                                                    X-UA-Compatible: IE=Edge
                                                    Date: Tue, 27 Aug 2024 18:14:36 GMT
                                                    Connection: close
                                                    Content-Length: 1588
                                                    2024-08-27 18:14:37 UTC1588INData Raw: 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 4f 6e 4c 6f 61 64 48 61 6e 64 6c 65 72 28 29 7b 0d 0a 09 69 66 20 28 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 6c 65 6e 67 74 68 20 3c 3d 20 31 29 20 7b 0d 0a 09 09 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 6c 6f 73 65 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 76 61 72 20 74 68 65 6d 65 20 3d 20 6e 75 6c 6c 3b 0d 0a 74 72 79 20 7b 0d 0a 20 20 28 66 75 6e 63 74 69 6f 6e 20 28 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 2c 20 73 74 72 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 21 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f
                                                    Data Ascii: window.onload = function OnLoadHandler(){if (window.history.length <= 1) {document.getElementById("close").style.display = "none";}}var theme = null;try { (function (URLSearchParams, str) { if (!new URLSearchParams(window.locatio


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    10192.168.2.1849723104.47.64.28443816C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:37 UTC1246OUTGET /Content/images/cross.png HTTP/1.1
                                                    Host: gcc02.safelinks.protection.outlook.com
                                                    Connection: keep-alive
                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                    sec-ch-ua-mobile: ?0
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                    sec-ch-ua-platform: "Windows"
                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                    Sec-Fetch-Site: same-origin
                                                    Sec-Fetch-Mode: no-cors
                                                    Sec-Fetch-Dest: image
                                                    Referer: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0
                                                    Accept-Encoding: gzip, deflate, br
                                                    Accept-Language: en-US,en;q=0.9
                                                    2024-08-27 18:14:37 UTC468INHTTP/1.1 200 OK
                                                    Content-Type: image/png
                                                    Last-Modified: Sun, 25 Aug 2024 09:18:50 GMT
                                                    Accept-Ranges: bytes
                                                    ETag: "079e0cbcff6da1:0"
                                                    Server: Microsoft-IIS/10.0
                                                    X-ServerName: BL0GCC02WS035
                                                    X-ServerVersion: 15.20.7897.023
                                                    X-ServerLat: 0
                                                    X-SafeLinks-Tracking-Id: 05cf0bec-fbb2-4387-6ec5-08dcc6c41c9f
                                                    X-Powered-By: ASP.NET
                                                    X-Content-Type-Options: nosniff
                                                    X-UA-Compatible: IE=Edge
                                                    Date: Tue, 27 Aug 2024 18:14:37 GMT
                                                    Connection: close
                                                    Content-Length: 25664
                                                    2024-08-27 18:14:37 UTC15916INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ba 00 00 00 c8 08 06 00 00 00 5f e4 fb 3b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b
                                                    Data Ascii: PNGIHDR_;pHYs%%IR$OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K
                                                    2024-08-27 18:14:37 UTC9748INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                    Data Ascii:


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    11192.168.2.1849725104.47.64.28443816C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:38 UTC385OUTGET /Content/Scripts/site.js HTTP/1.1
                                                    Host: gcc02.safelinks.protection.outlook.com
                                                    Connection: keep-alive
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                    Accept: */*
                                                    Sec-Fetch-Site: none
                                                    Sec-Fetch-Mode: cors
                                                    Sec-Fetch-Dest: empty
                                                    Accept-Encoding: gzip, deflate, br
                                                    Accept-Language: en-US,en;q=0.9
                                                    2024-08-27 18:14:38 UTC479INHTTP/1.1 200 OK
                                                    Content-Type: application/javascript
                                                    Last-Modified: Sun, 25 Aug 2024 09:27:36 GMT
                                                    Accept-Ranges: bytes
                                                    ETag: "0b4655d1f6da1:0"
                                                    Server: Microsoft-IIS/10.0
                                                    X-ServerName: BL0GCC02WS032
                                                    X-ServerVersion: 15.20.7897.023
                                                    X-ServerLat: 2
                                                    X-SafeLinks-Tracking-Id: 3a0e948e-ee53-4979-c856-08dcc6c41cfb
                                                    X-Powered-By: ASP.NET
                                                    X-Content-Type-Options: nosniff
                                                    X-UA-Compatible: IE=Edge
                                                    Date: Tue, 27 Aug 2024 18:14:37 GMT
                                                    Connection: close
                                                    Content-Length: 1588
                                                    2024-08-27 18:14:38 UTC1588INData Raw: 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 4f 6e 4c 6f 61 64 48 61 6e 64 6c 65 72 28 29 7b 0d 0a 09 69 66 20 28 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 6c 65 6e 67 74 68 20 3c 3d 20 31 29 20 7b 0d 0a 09 09 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 6c 6f 73 65 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 0d 0a 09 7d 0d 0a 7d 0d 0a 0d 0a 76 61 72 20 74 68 65 6d 65 20 3d 20 6e 75 6c 6c 3b 0d 0a 74 72 79 20 7b 0d 0a 20 20 28 66 75 6e 63 74 69 6f 6e 20 28 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 2c 20 73 74 72 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 21 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f
                                                    Data Ascii: window.onload = function OnLoadHandler(){if (window.history.length <= 1) {document.getElementById("close").style.display = "none";}}var theme = null;try { (function (URLSearchParams, str) { if (!new URLSearchParams(window.locatio


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    12192.168.2.1849726104.47.64.28443816C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:38 UTC386OUTGET /Content/images/cross.png HTTP/1.1
                                                    Host: gcc02.safelinks.protection.outlook.com
                                                    Connection: keep-alive
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                    Accept: */*
                                                    Sec-Fetch-Site: none
                                                    Sec-Fetch-Mode: cors
                                                    Sec-Fetch-Dest: empty
                                                    Accept-Encoding: gzip, deflate, br
                                                    Accept-Language: en-US,en;q=0.9
                                                    2024-08-27 18:14:38 UTC468INHTTP/1.1 200 OK
                                                    Content-Type: image/png
                                                    Last-Modified: Mon, 26 Aug 2024 14:57:14 GMT
                                                    Accept-Ranges: bytes
                                                    ETag: "0c16a3cc8f7da1:0"
                                                    Server: Microsoft-IIS/10.0
                                                    X-ServerName: BL0GCC02WS902
                                                    X-ServerVersion: 15.20.7918.017
                                                    X-ServerLat: 0
                                                    X-SafeLinks-Tracking-Id: 1f2ebc2c-adef-489d-f13d-08dcc6c41d18
                                                    X-Powered-By: ASP.NET
                                                    X-Content-Type-Options: nosniff
                                                    X-UA-Compatible: IE=Edge
                                                    Date: Tue, 27 Aug 2024 18:14:38 GMT
                                                    Connection: close
                                                    Content-Length: 25664
                                                    2024-08-27 18:14:38 UTC15916INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ba 00 00 00 c8 08 06 00 00 00 5f e4 fb 3b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b
                                                    Data Ascii: PNGIHDR_;pHYs%%IR$OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K
                                                    2024-08-27 18:14:38 UTC9748INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                    Data Ascii:


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    13192.168.2.184973013.107.5.88443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:41 UTC530OUTGET /ab?clientId=4186BE91-E256-4574-B32D-E3E73E51588C HTTP/1.1
                                                    X-OfficeApp-BuildVersion: 16.0.11629.20316
                                                    Accept-Encoding: gzip, deflate
                                                    X-OfficeApp-Platform: universal
                                                    X-OfficeApp-Language: en-CH
                                                    X-OutlookMobile-Architecture: x64
                                                    X-OutlookMobile-BuildFlavor: ship
                                                    X-OutlookMobile-Environment: Production
                                                    X-OfficeApp-MsoVersion: 10.0.19045
                                                    X-OutlookMobile-HxServiceAccounts: None
                                                    Content-Length: 0
                                                    Content-Encoding: gzip
                                                    Host: outlookmobile-office365-tas.msedge.net
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    2024-08-27 18:14:41 UTC437INHTTP/1.1 200 OK
                                                    Content-Length: 10798
                                                    Content-Type: application/json; charset=utf-8
                                                    ETag: 256136612_1258774882
                                                    Strict-Transport-Security: max-age=2592000
                                                    X-Content-Type-Options: nosniff
                                                    X-ExP-TrackingId: 448901b0-6396-4437-b0d1-51ce814ff195
                                                    X-Cache: CONFIG_NOCACHE
                                                    X-MSEdge-Ref: Ref A: ABFC0A75E2A946E7A01582EA14C5813E Ref B: EWR311000107009 Ref C: 2024-08-27T18:14:41Z
                                                    Date: Tue, 27 Aug 2024 18:14:41 GMT
                                                    Connection: close
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 7b 22 46 65 61 74 75 72 65 73 22 3a 5b 22 6f 75 75 6e 69 31 32 32 31 22 2c 22 65 78 70 66 72 66 6c 74 6f 75 75 6e 69 31 32 32 31 22 2c 22 6f 75 66 69 72 31 37 33 31 22 2c 22 6f 75 6d 61 6e 33 32 32 31 22 2c 22 6f 75 75 73 65 36 38 37 31 22 2c 22 6f 75 69 6e 74 31 33 30 31 22 2c 22 6f 75 63 61 6c 38 32 38 31 22 2c 22 6f 75 6d 61 69 31 33 36 31 22 2c 22 6f 75 73 69 6e 37 38 39 31 22 2c 22 6f 75 63 61 6c 34 35 34 31 22 2c 22 6f 75 62 72 65 35 30 30 31 22 2c 22 6f 75 61 74 74 37 31 35 31 22 2c 22 6f 75 68 78 68 36 34 31 31 22 2c 22 6f 75 72 65 70 31 35 39 31 22 2c 22 6f 75 63 61 6c 38 36 38 31 22 2c 22 6f 75 65 6e 68 33 34 37 31 22 2c 22 6f 75 6d 61 69 38 38 38 31 22 2c 22 6f 75 69 6e 74 32 35 37 31 22 2c 22 6f 75 6d 61 72 39 30 34 31 22 2c 22 6f 75 6d 69 63
                                                    Data Ascii: {"Features":["ouuni1221","expfrfltouuni1221","oufir1731","ouman3221","ouuse6871","ouint1301","oucal8281","oumai1361","ousin7891","oucal4541","oubre5001","ouatt7151","ouhxh6411","ourep1591","oucal8681","ouenh3471","oumai8881","ouint2571","oumar9041","oumic
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 6f 75 73 74 6f 37 37 32 31 22 2c 22 6f 75 64 6f 6e 37 30 32 31 22 2c 22 6f 75 65 6e 61 32 34 31 30 22 2c 22 6f 75 73 74 6f 34 37 32 22 2c 22 6f 66 66 6c 69 6e 65 73 65 61 72 63 68 61 76 6f 69 64 61 70 70 6f 69 6e 74 6d 65 6e 74 69 6e 73 74 61 6e 63 65 69 6e 64 65 78 69 6e 67 22 2c 22 6f 6d 69 6e 61 6c 6c 64 6f 6e 65 66 69 78 65 64 22 2c 22 73 68 72 69 6e 6b 74 65 6c 65 6d 65 74 72 79 66 6f 72 6d 65 74 61 64 61 74 61 22 2c 22 6f 75 73 65 61 37 38 31 22 2c 22 6f 75 63 61 6c 32 34 36 22 2c 22 64 69 73 6d 69 73 73 22 2c 22 6f 75 75 73 69 35 35 38 22 2c 22 6f 75 6d 33 36 38 34 30 22 2c 22 6f 75 61 6c 77 34 33 37 22 2c 22 75 6e 65 6e 34 30 34 63 66 22 2c 22 6f 75 75 73 65 73 6d 74 70 63 6c 69 65 6e 74 76 32 22 2c 22 63 6f 6d 70 72 65 73 73 65 64 73 65 72 76 69
                                                    Data Ascii: ousto7721","oudon7021","ouena2410","ousto472","offlinesearchavoidappointmentinstanceindexing","ominalldonefixed","shrinktelemetryformetadata","ousea781","oucal246","dismiss","ouusi558","oum36840","oualw437","unen404cf","ouusesmtpclientv2","compressedservi
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 22 3a 22 6f 75 6d 61 69 38 38 38 31 22 2c 22 31 74 62 22 3a 22 6f 75 69 6e 74 32 35 37 31 22 2c 22 31 74 61 22 3a 22 6f 75 6d 61 72 39 30 34 31 22 2c 22 31 74 39 22 3a 22 6f 75 6d 69 63 34 31 36 31 22 2c 22 31 74 38 22 3a 22 6f 75 6d 6f 64 39 33 30 31 22 2c 22 31 74 37 22 3a 22 6f 75 6d 75 6c 37 36 39 31 22 2c 22 31 74 35 22 3a 22 6f 75 6e 61 76 37 30 30 31 22 2c 22 31 74 31 22 3a 22 6f 75 73 65 61 37 31 37 31 22 2c 22 31 73 78 22 3a 22 6f 75 73 75 70 33 34 38 31 22 2c 22 31 73 76 22 3a 22 6f 75 75 73 65 31 32 31 31 22 2c 22 31 73 74 22 3a 22 6f 75 61 64 64 39 37 35 31 22 2c 22 31 73 6b 22 3a 22 6f 75 69 6e 74 37 38 35 31 22 2c 22 31 73 6a 22 3a 22 6f 75 73 68 61 35 37 34 31 22 2c 22 31 73 69 22 3a 22 6f 75 73 69 6d 34 36 37 31 22 2c 22 31 73 68 22 3a 22
                                                    Data Ascii: ":"oumai8881","1tb":"ouint2571","1ta":"oumar9041","1t9":"oumic4161","1t8":"oumod9301","1t7":"oumul7691","1t5":"ounav7001","1t1":"ousea7171","1sx":"ousup3481","1sv":"ouuse1211","1st":"ouadd9751","1sk":"ouint7851","1sj":"ousha5741","1si":"ousim4671","1sh":"
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 31 69 22 3a 22 6f 75 73 79 6e 37 30 32 31 22 2c 22 68 76 64 22 3a 22 6f 75 73 68 6f 33 36 33 31 22 2c 22 69 6d 74 22 3a 22 6f 75 73 79 6e 33 37 37 31 22 2c 22 6a 35 6b 22 3a 22 6f 75 75 70 73 31 36 35 31 22 2c 22 6a 75 73 22 3a 22 6f 75 64 65 66 36 35 39 31 22 2c 22 6c 33 61 22 3a 22 6f 75 65 6e 68 39 32 38 31 22 2c 22 6d 6b 38 22 3a 22 6f 75 73 79 6e 38 30 37 31 22 2c 22 6d 6c 62 22 3a 22 6f 75 68 78 73 37 33 34 31 22 2c 22 6e 61 6c 22 3a 22 6f 75 73 79 6e 34 33 30 31 22 2c 22 6e 72 61 22 3a 22 6f 75 73 79 6e 31 35 34 31 22 2c 22 6e 72 77 22 3a 22 6f 75 73 74 6f 37 37 32 31 22 2c 22 71 6f 74 22 3a 22 6f 75 64 6f 6e 37 30 32 31 22 2c 22 77 6a 78 22 3a 22 6f 75 65 6e 61 32 34 31 30 22 2c 22 7a 74 6e 22 3a 22 6f 75 73 74 6f 34 37 32 22 2c 22 31 32 73 30 22
                                                    Data Ascii: 1i":"ousyn7021","hvd":"ousho3631","imt":"ousyn3771","j5k":"ouups1651","jus":"oudef6591","l3a":"ouenh9281","mk8":"ousyn8071","mlb":"ouhxs7341","nal":"ousyn4301","nra":"ousyn1541","nrw":"ousto7721","qot":"oudon7021","wjx":"ouena2410","ztn":"ousto472","12s0"
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 22 2c 22 36 38 61 73 22 3a 22 6e 65 77 61 70 70 70 65 72 6d 61 74 6f 67 67 6c 65 76 69 61 63 61 6c 6c 62 61 63 6b 66 69 6c 65 32 22 2c 22 36 39 74 6a 22 3a 22 6e 65 77 61 70 70 74 6f 67 67 6c 65 63 61 6d 70 61 69 67 6e 66 33 22 7d 2c 22 43 6f 6e 66 69 67 73 22 3a 5b 7b 22 49 64 22 3a 22 4f 75 74 6c 6f 6f 6b 4d 6f 62 69 6c 65 22 2c 22 50 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 41 64 64 52 6f 6f 6d 55 49 55 70 64 61 74 65 22 3a 74 72 75 65 2c 22 41 6c 77 61 79 73 53 61 76 65 53 65 6e 74 49 74 65 6d 73 46 6f 72 44 69 72 65 63 74 53 79 6e 63 22 3a 66 61 6c 73 65 2c 22 41 74 74 61 63 68 6d 65 6e 74 4d 65 74 61 64 61 74 61 22 3a 74 72 75 65 2c 22 42 72 65 61 64 74 68 46 69 72 73 74 53 79 6e 63 22 3a 74 72 75 65 2c 22 43 61 6c 65 6e 64 61 72 41 70 69 43 6f 72 74
                                                    Data Ascii: ","68as":"newapppermatoggleviacallbackfile2","69tj":"newapptogglecampaignf3"},"Configs":[{"Id":"OutlookMobile","Parameters":{"AddRoomUIUpdate":true,"AlwaysSaveSentItemsForDirectSync":false,"AttachmentMetadata":true,"BreadthFirstSync":true,"CalendarApiCort
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 75 65 2c 22 46 65 61 74 75 72 65 50 72 6f 6d 6f 74 69 6f 6e 73 43 6f 6e 74 72 6f 6c 46 6c 69 67 68 74 32 22 3a 74 72 75 65 2c 22 46 65 77 65 72 49 6e 69 74 69 61 6c 69 7a 65 44 65 76 69 63 65 52 65 63 6f 6e 6e 65 63 74 73 22 3a 74 72 75 65 2c 22 46 69 72 73 74 52 75 6e 4f 70 65 6e 41 63 63 6f 75 6e 74 73 44 69 61 6c 6f 67 22 3a 74 72 75 65 2c 22 46 69 72 73 74 52 75 6e 55 70 53 65 6c 6c 4d 75 6c 74 69 41 63 63 6f 75 6e 74 22 3a 74 72 75 65 2c 22 46 69 72 73 74 53 79 6e 63 50 6f 6c 6c 69 6e 67 22 3a 74 72 75 65 2c 22 48 74 6d 6c 53 69 67 6e 61 74 75 72 65 45 64 69 74 6f 72 22 3a 74 72 75 65 2c 22 48 78 48 61 6e 64 73 68 61 6b 65 43 61 6c 65 6e 64 61 72 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 48 78 49 6d 6d 49 64 48 61 6e 64 73 68 61 6b 65 22 3a 74 72
                                                    Data Ascii: ue,"FeaturePromotionsControlFlight2":true,"FewerInitializeDeviceReconnects":true,"FirstRunOpenAccountsDialog":true,"FirstRunUpSellMultiAccount":true,"FirstSyncPolling":true,"HtmlSignatureEditor":true,"HxHandshakeCalendarEnabled":true,"HxImmIdHandshake":tr
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 6c 6f 77 41 75 74 6f 54 6f 67 67 6c 65 56 69 61 43 61 6c 6c 62 61 63 6b 46 69 6c 65 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 45 78 69 74 41 6c 6c 41 70 70 73 4f 6e 4e 65 77 41 70 70 4c 61 75 6e 63 68 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 4c 61 75 6e 63 68 46 69 6c 65 73 43 61 6c 65 6e 64 61 72 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 50 65 72 6d 61 54 6f 67 67 6c 65 56 69 61 43 61 6c 6c 62 61 63 6b 46 69 6c 65 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 53 74 6f 70 43 61 6c 65 6e 64 61 72 52 65 6d 69 6e 64 65 72 73 57 68 65 6e 54 6f 67 67 6c 65 64 22 3a 74 72 75 65 2c 22 4e 65 77 41 70 70 54 6f 67 67 6c 65 43 61 6d 70 61 69 67 6e 45 43 68 65 63 6b 4d 6f 6e 61 72 63 68 49 6e 73 74 61 6c 6c 22 3a 66 61 6c 73 65 2c 22 4e 65 77 41 70 70 54 6f 67 67 6c 65
                                                    Data Ascii: lowAutoToggleViaCallbackFile":true,"NewAppExitAllAppsOnNewAppLaunch":true,"NewAppLaunchFilesCalendar":true,"NewAppPermaToggleViaCallbackFile":true,"NewAppStopCalendarRemindersWhenToggled":true,"NewAppToggleCampaignECheckMonarchInstall":false,"NewAppToggle
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 69 65 77 22 3a 74 72 75 65 2c 22 53 6b 69 70 48 79 64 72 61 74 65 64 46 69 72 73 74 52 75 6e 22 3a 74 72 75 65 2c 22 53 70 65 6c 6c 43 6f 72 72 65 63 74 65 64 53 65 61 72 63 68 22 3a 74 72 75 65 2c 22 53 74 6f 72 61 67 65 50 61 67 65 43 6f 61 6c 65 73 63 65 4f 6e 49 64 6c 65 22 3a 74 72 75 65 2c 22 53 74 6f 72 65 43 6f 6c 6c 65 63 74 69 6f 6e 49 64 43 61 63 68 65 41 6e 64 4f 6a 65 63 74 49 64 49 6e 64 65 78 44 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 53 74 6f 72 65 43 6f 6c 6c 65 63 74 69 6f 6e 49 6e 64 65 78 57 69 74 68 6f 75 74 53 6f 72 74 22 3a 74 72 75 65 2c 22 53 74 6f 72 65 43 6f 6c 6c 65 63 74 69 6f 6e 4f 62 6a 65 63 74 49 64 73 44 61 74 61 56 61 6c 69 64 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 53 74 6f 72 65 43 6f 6c 6c
                                                    Data Ascii: iew":true,"SkipHydratedFirstRun":true,"SpellCorrectedSearch":true,"StoragePageCoalesceOnIdle":true,"StoreCollectionIdCacheAndOjectIdIndexDataValidation":false,"StoreCollectionIndexWithoutSort":true,"StoreCollectionObjectIdsDataValidation":false,"StoreColl
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 56 69 65 77 22 3a 66 61 6c 73 65 2c 22 57 6f 72 64 44 61 72 6b 54 68 65 6d 65 22 3a 74 72 75 65 7d 7d 2c 7b 22 49 64 22 3a 22 55 6e 69 76 65 72 73 61 6c 52 65 61 63 74 22 2c 22 50 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 45 6e 61 62 6c 65 4d 69 63 72 6f 73 6f 66 74 52 65 77 61 72 64 73 22 3a 66 61 6c 73 65 7d 7d 5d 2c 22 50 61 72 61 6d 65 74 65 72 47 72 6f 75 70 73 22 3a 6e 75 6c 6c 2c 22 46 6c 69 67 68 74 69 6e 67 56 65 72 73 69 6f 6e 22 3a 35 33 35 30 33 36 32 39 2c 22 49 6d 70 72 65 73 73 69 6f 6e 49 64 22 3a 22 34 34 38 39 30 31 42 30 36 33 39 36 34 34 33 37 42 30 44 31 35 31 43 45 38 31 34 46 46 31 39 35 22 2c 22 41 73 73 69 67 6e 6d 65 6e 74 43 6f 6e 74 65 78 74 22 3a 22 6f 75 75 6e 69 31 32 32 31 3a 2d 31 3b 65 78 70 66 72 66 6c 74 6f 75 75 6e 69 31
                                                    Data Ascii: View":false,"WordDarkTheme":true}},{"Id":"UniversalReact","Parameters":{"EnableMicrosoftRewards":false}}],"ParameterGroups":null,"FlightingVersion":53503629,"ImpressionId":"448901B063964437B0D151CE814FF195","AssignmentContext":"ouuni1221:-1;expfrfltouuni1
                                                    2024-08-27 18:14:41 UTC1024INData Raw: 65 39 39 31 31 63 66 3a 32 39 38 39 33 38 3b 6f 75 65 6e 63 39 39 33 31 3a 33 30 31 38 35 30 3b 6f 75 69 6e 6b 37 34 39 31 3a 33 34 31 31 36 39 3b 6f 75 73 74 6f 38 30 35 31 3a 34 30 34 34 39 38 3b 6f 75 63 61 6c 36 32 33 31 3a 33 30 30 37 30 38 34 35 3b 6f 75 73 65 72 34 36 30 31 3a 33 32 39 31 31 35 3b 6f 75 6e 65 77 39 37 37 31 3a 33 32 39 31 31 39 3b 6f 75 72 65 6d 32 37 33 31 3a 33 35 37 32 39 39 3b 6f 75 66 65 61 34 32 39 31 3a 33 36 37 33 30 35 3b 6f 75 73 75 70 36 36 33 30 3a 33 30 30 31 32 39 38 33 3b 6f 75 76 61 6c 32 33 33 30 3a 33 32 38 36 31 35 3b 6f 75 65 6e 61 39 31 35 31 3a 33 35 35 33 37 36 3b 6f 75 73 65 6e 33 32 36 31 3a 33 39 33 35 33 33 3b 6f 75 77 65 65 31 35 33 30 3a 33 34 30 32 32 39 3b 6f 33 36 35 63 68 65 63 6b 66 6f 72 67 6d 61
                                                    Data Ascii: e9911cf:298938;ouenc9931:301850;ouink7491:341169;ousto8051:404498;oucal6231:30070845;ouser4601:329115;ounew9771:329119;ourem2731:357299;oufea4291:367305;ousup6630:30012983;ouval2330:328615;ouena9151:355376;ousen3261:393533;ouwee1530:340229;o365checkforgma


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    14192.168.2.184973220.44.239.154443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:14:46 UTC409OUTGET /settings/v2.0/office/olx?app=microsoft.windowscommunicationsapps&appVer=16.0.11629.20316&locale=en-CH&os=WINDOWS&osVer=10.0.19045&deviceClass=Windows.Desktop&deviceId=4186BE91-E256-4574-B32D-E3E73E51588C&ring=7 HTTP/1.1
                                                    Accept: */*
                                                    User-Agent: microsoft.windowscommunicationsapps
                                                    Accept-Language: en-CH
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: settings.data.microsoft.com
                                                    Connection: Keep-Alive
                                                    2024-08-27 18:14:46 UTC560INHTTP/1.1 200 OK
                                                    Cache-Control: no-cache,no-store
                                                    Content-Length: 194
                                                    Content-Type: application/json;charset=utf-8
                                                    ETag: 157:AE654997ABC9A917
                                                    Server: Microsoft-HTTPAPI/2.0
                                                    X-Content-Type-Options: nosniff
                                                    Content-Security-Policy: script-src https://settings-sandbox.data.microsoft.com https://settings-ppe.data.microsoft.com https://settings.data.microsoft.com http://onesettings-xbox-rp.com https://settings-win.data.microsoft.com
                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                    Date: Tue, 27 Aug 2024 18:14:46 GMT
                                                    Connection: close
                                                    2024-08-27 18:14:46 UTC194INData Raw: 7b 22 72 65 66 72 65 73 68 49 6e 74 65 72 76 61 6c 22 3a 22 31 35 37 22 2c 22 71 75 65 72 79 55 72 6c 22 3a 22 2f 73 65 74 74 69 6e 67 73 2f 76 32 2e 30 2f 6f 66 66 69 63 65 2f 6f 6c 78 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 41 4c 4c 4f 57 47 4d 41 49 4c 41 44 44 41 43 43 4f 55 4e 54 22 3a 22 30 22 2c 22 46 4f 52 43 45 47 4d 41 49 4c 48 41 4e 44 42 41 43 4b 22 3a 22 30 22 2c 22 46 4f 52 43 45 47 4d 41 49 4c 48 41 4e 44 4f 46 46 22 3a 22 30 22 2c 22 46 4f 52 43 45 48 41 4e 44 42 41 43 4b 22 3a 22 30 22 2c 22 46 4f 52 43 45 48 41 4e 44 4f 46 46 22 3a 22 31 30 30 22 7d 7d
                                                    Data Ascii: {"refreshInterval":"157","queryUrl":"/settings/v2.0/office/olx","settings":{"ALLOWGMAILADDACCOUNT":"0","FORCEGMAILHANDBACK":"0","FORCEGMAILHANDOFF":"0","FORCEHANDBACK":"0","FORCEHANDOFF":"100"}}


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    15192.168.2.184973940.127.169.103443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:15:05 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rCdCH473Gw42DEk&MD=dhXPOHoK HTTP/1.1
                                                    Connection: Keep-Alive
                                                    Accept: */*
                                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                    Host: slscr.update.microsoft.com
                                                    2024-08-27 18:15:06 UTC560INHTTP/1.1 200 OK
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Content-Type: application/octet-stream
                                                    Expires: -1
                                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                    ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                    MS-CorrelationId: 85b868f8-0dd3-46a9-b803-fc68bb68b079
                                                    MS-RequestId: ea37dc24-6453-4dc0-b68f-ba45387b77d0
                                                    MS-CV: 3mADSkC+z0aQKXiP.0
                                                    X-Microsoft-SLSClientCache: 1440
                                                    Content-Disposition: attachment; filename=environment.cab
                                                    X-Content-Type-Options: nosniff
                                                    Date: Tue, 27 Aug 2024 18:15:05 GMT
                                                    Connection: close
                                                    Content-Length: 30005
                                                    2024-08-27 18:15:06 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                    Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                    2024-08-27 18:15:06 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                    Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    16192.168.2.184974520.190.159.71443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:15:53 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                    Connection: Keep-Alive
                                                    Content-Type: application/soap+xml
                                                    Accept: */*
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                    Content-Length: 4828
                                                    Host: login.live.com
                                                    2024-08-27 18:15:53 UTC4828OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                    2024-08-27 18:15:53 UTC569INHTTP/1.1 200 OK
                                                    Cache-Control: no-store, no-cache
                                                    Pragma: no-cache
                                                    Content-Type: application/soap+xml; charset=utf-8
                                                    Expires: Tue, 27 Aug 2024 18:14:53 GMT
                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                    x-ms-route-info: C539_BL2
                                                    x-ms-request-id: fb7b7400-e2ad-4d8a-8deb-7025379365c7
                                                    PPServer: PPV: 30 H: BL02EPF0001D917 V: 0
                                                    X-Content-Type-Options: nosniff
                                                    Strict-Transport-Security: max-age=31536000
                                                    X-XSS-Protection: 1; mode=block
                                                    Date: Tue, 27 Aug 2024 18:15:52 GMT
                                                    Connection: close
                                                    Content-Length: 11177
                                                    2024-08-27 18:15:53 UTC11177INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    17192.168.2.1849746104.93.21.160443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:15:54 UTC2760OUTGET /client/config?cc=CH&setlang=en-CH HTTP/1.1
                                                    X-Search-CortanaAvailableCapabilities: None
                                                    X-Search-SafeSearch: Moderate
                                                    Accept-Encoding: gzip, deflate
                                                    X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                    X-UserAgeClass: Unknown
                                                    X-BM-Market: CH
                                                    X-BM-DateFormat: dd/MM/yyyy
                                                    X-Device-OSSKU: 48
                                                    X-BM-DTZ: -240
                                                    X-DeviceID: 01000A410900B03D
                                                    X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75
                                                    X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
                                                    X-BM-Theme: 000000;0078d7
                                                    X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZLvXvXHRTyXvrHjUnJH5Qrh4oXIJGuZYQuuswi3QT5ZTKAfmFht5LCQAFaQJ88Lq9XSYA8sI2CA7klIYMOi1IfFYalXrDvqns688IjaoTSj6/8P4ljHYlU%2BDHztF1g2P8UjYzu0c7KbDhK5v1KiRL29/Xu4tU6diIgMRD%2BQlDI7873luzxaKMVx1lwCeF16IZ9M2woOTKsqMbZkpxvblpHZTBcYdU7iqiVlktSsosrWAovIn9G81aZ%2Baa6ujS8r9LDAPAhRXPpzXw%2BeLEwnnpZf7mjZcFfwiBIsMkB5OcgA8FZESF97w9qU19qOv8WafkkCjVz0GQJNKvsp021IbroQZgAAEPVbzBeUov08oognOxMStSOwAVb7vC7PJUF%2Bhyz5AN8TEmojrzG/ISHxawiXlAPRGIengjobekwG2Uk1FyMRSWjsaDonVpmcTJTqifZ%2BNeTGxcodck93%2BnLCeNBamZScnXtH6vGRLqJW%2BgCdIzY2c6qel5FNqXnSNsHagioNfAGiNondmb/2YnDSRTX7bsqERGq69jN0wZtPq3faefejUmP2kl%2BCki%2Bblw5ufG/R1jmR/%2B9Nl8RAdooBjjuTN%2Bm7u1QFIRZPARXNm8O5iRJVyC1blPCkg4gc0vB6Wwdh8C5l8%2BBc/0E%2BqrkvHLSz9YKuWMvNq8FJj4Cm4T66nPIBpTMVHbk0npiKA3sWu9sKwJ5QEPxJwbdkCaKFqLkXtMBM9UgAl7IX2rM6/DB/UOJwOg0YMRxElIAJvk0jtnEFkSQDdv13tz84F7AIeFR3AvUXCCb9FSZEREwzlO3cq7/qxYtvm6lXeLsO%2BkvXQ1XlpOVsw/tujCH676/Q3FJPDqQFRYdxt%2BRMD5YJnYE%2Bd7Lgfag691gUDFZDUK1gGm2h85fIS2pglNNsMg107F9AIv763O8 [TRUNCATED]
                                                    X-Agent-DeviceId: 01000A410900B03D
                                                    X-BM-CBT: 1724782551
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                    X-Device-isOptin: false
                                                    Accept-language: en-GB, en, en-US
                                                    X-Device-Touch: false
                                                    X-Device-ClientSession: 4C3818340B074C0783E5863BB529B949
                                                    X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                    Host: www.bing.com
                                                    Connection: Keep-Alive
                                                    Cookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C
                                                    2024-08-27 18:15:54 UTC1197INHTTP/1.1 200 OK
                                                    Content-Length: 2215
                                                    Content-Type: application/json; charset=utf-8
                                                    Cache-Control: private
                                                    X-EventID: 66ce17da141a47a88d423cd0681a55c9
                                                    X-AS-SetSessionMarket: de-ch
                                                    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                    X-XSS-Protection: 0
                                                    P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                                    Date: Tue, 27 Aug 2024 18:15:54 GMT
                                                    Connection: close
                                                    Set-Cookie: _EDGE_S=SID=3A80D3A9735C6FC30F18C74172646EF9&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
                                                    Set-Cookie: SRCHHPGUSR=SRCHLANG=en&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; domain=.bing.com; expires=Sun, 21-Sep-2025 18:15:54 GMT; path=/; secure; SameSite=None
                                                    Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
                                                    Set-Cookie: _SS=SID=3A80D3A9735C6FC30F18C74172646EF9; domain=.bing.com; path=/; secure; SameSite=None
                                                    Alt-Svc: h3=":443"; ma=93600
                                                    X-CDN-TraceID: 0.8d155d68.1724782554.1a97f308
                                                    2024-08-27 18:15:54 UTC2215INData Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65
                                                    Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                    18192.168.2.184975052.182.143.211443
                                                    TimestampBytes transferredDirectionData
                                                    2024-08-27 18:18:58 UTC828OUTPOST /OneCollector/1.0/ HTTP/1.1
                                                    Accept: */*
                                                    APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521
                                                    AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAEGllNoC2NeE8qC1/jr3wZi/gAHAzsYDhekwwsGpV7PCGDhup0wOu0I1TfRVFkO5AdsbsvH1ug2mvU231IEVXqN0EeuARU0rO7fu5iu60t5OOaUsnGZ0PFa56TKf7gl2Zf5cJMUOJPhngPF7IOg4yMu+b8izH2E0amOSu9MQnPw+tiajsVEppele/0QUhUI8pLRAtoCaxdKPbzcXE5ucOGhvggfmhMP/ze0yOjvMp4qHGsS6aJwlosGbUI4TZj/d5aQDEB5ExzSwm43/g14m7XpVmNH8Z1HNDgvS9J4UnXjFIEMnxKfXd8RgPr8YUaniPWM8SHQE=&p=
                                                    Client-Id: NO_AUTH
                                                    Content-Encoding: deflate
                                                    Content-Type: application/bond-compact-binary
                                                    Expect: 100-continue
                                                    SDK-Version: EVT-Windows-C++-No-3.4.15.1
                                                    Upload-Time: 1724782736695
                                                    Host: self.events.data.microsoft.com
                                                    Content-Length: 8080
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    2024-08-27 18:18:58 UTC8080OUTData Raw: ed 7c 4b cc 5c 47 76 5e eb 61 85 a2 28 8a 23 69 34 92 46 1e d1 84 66 32 f2 74 ff a9 f7 a3 11 c3 43 f1 a7 46 9c 88 43 85 3f f5 18 03 06 73 bb fb 76 f7 25 fb ef fb ab 1f 7c 08 5e 08 b3 30 e0 00 0e 42 1b 06 82 ac 06 46 10 5b 80 1d 24 40 b2 48 56 06 92 45 26 cc 26 48 76 f1 22 41 90 8d 57 86 91 07 90 64 91 ef d4 7d 55 17 7f 71 c6 83 81 e0 01 48 80 20 4f 55 dd aa ba 55 e7 7c e7 3b a7 aa ef 9b 4f c8 3d 76 49 5d 99 4e 8b 71 7e fd e0 ee 7a 93 1f d6 ff bc 93 67 8b cd fc 72 be c9 26 d9 26 db cf 6f a1 c5 85 72 b9 2e 17 05 0a f2 c9 c7 ff e8 f7 fe ec 5f 7f fa cf fe db 9f 7e e9 b3 73 e5 70 3c 71 d2 18 61 0c e7 63 35 ce b2 cc 4d c7 7a 24 72 2b 5c 9e 3b 3e f9 0f 4f fd e0 c9 fb 5f 3e f9 58 71 ea 83 cb b7 b3 55 de 3f 7b 69 39 de fb ad 93 95 24 58 9f f7 ee bf 74 f2 b1 de fd
                                                    Data Ascii: |K\Gv^a(#i4Ff2tCFC?sv%|^0BF[$@HVE&&Hv"AWd}UqH OUU|;O=vI]Nq~zgr&&or._~sp<qac5Mz$r+\;>O_>XqU?{i9$Xt
                                                    2024-08-27 18:18:58 UTC25INHTTP/1.1 100 Continue
                                                    2024-08-27 18:18:58 UTC443INHTTP/1.1 200 OK
                                                    Content-Length: 9
                                                    Content-Type: application/json
                                                    Server: Microsoft-HTTPAPI/2.0
                                                    Strict-Transport-Security: max-age=31536000
                                                    time-delta-millis: 1774
                                                    Access-Control-Allow-Headers: time-delta-millis
                                                    Access-Control-Allow-Methods: POST
                                                    Access-Control-Allow-Credentials: true
                                                    Access-Control-Allow-Origin: *
                                                    Access-Control-Expose-Headers: time-delta-millis
                                                    Date: Tue, 27 Aug 2024 18:18:57 GMT
                                                    Connection: close
                                                    {"acc":4}


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:14:14:17
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (61).eml"
                                                    Imagebase:0x390000
                                                    File size:34'446'744 bytes
                                                    MD5 hash:91A5292942864110ED734005B7E005C0
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:3
                                                    Start time:14:14:19
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "415CD50A-3286-4708-9E21-1ACF4964AB02" "ED24CD48-F495-4908-A499-5C520B0A7F1B" "6912" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                    Imagebase:0x7ff65ab70000
                                                    File size:710'048 bytes
                                                    MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:13
                                                    Start time:14:14:33
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femp.eduyield.com%2Fel%3Faid%3D2wu0dda0e6c-1865-11ef-80aa-0217a07992df%26rid%3D33766156%26pid%3D771868%26cid%3D497%26dest%3Dgoogle.com.%2F%2F%2F%2Famp%2Fs%2Fbioesolutions.com%2Fdayo2%2Fuinkt%2FY21vbGluYUBzYW50YWNsYXJhY2EuZ292%24%25C3%25A3%25E2%2582%25AC%25E2%2580%259A&data=05%7C02%7Ccmolina%40santaclaraca.gov%7Cc439d18c221146681bbb08dcc3aa8fd7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638600385360362045%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=5B3d9674B%2BWxyo45cg9topT2ESfmQUifAcHQ8hIzpHw%3D&reserved=0
                                                    Imagebase:0x7ff728d30000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:14
                                                    Start time:14:14:33
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1972,i,3396503775361026336,9902616994921859969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                    Imagebase:0x7ff728d30000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:15
                                                    Start time:14:14:38
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
                                                    Imagebase:0x7ff7afe10000
                                                    File size:2'486'784 bytes
                                                    MD5 hash:6F8EAC2C377C8F16D91CB5AC8B8DBF5F
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:false

                                                    General

                                                    Target ID:21
                                                    Start time:14:14:42
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
                                                    Imagebase:0x7ff6831d0000
                                                    File size:274'432 bytes
                                                    MD5 hash:6FEB00C9A2C3FF66230658B3012BAB6A
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:false

                                                    General

                                                    Target ID:23
                                                    Start time:14:14:51
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" /b /id 2972_1168870213 /if pdfshell_prev00247cc8-fc9c-469d-a24b-5c21c15243a2 /CR
                                                    Imagebase:0x7ff649650000
                                                    File size:5'641'176 bytes
                                                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:24
                                                    Start time:14:14:53
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\FPE3LZSO\hbgnj.pdf"
                                                    Imagebase:0x7ff649650000
                                                    File size:5'641'176 bytes
                                                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:25
                                                    Start time:14:14:54
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                    Imagebase:0x7ff71a6b0000
                                                    File size:3'581'912 bytes
                                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:26
                                                    Start time:14:14:54
                                                    Start date:27/08/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2352 --field-trial-handle=1556,i,13234393440631177627,15431578782892992612,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                    Imagebase:0x7ff71a6b0000
                                                    File size:3'581'912 bytes
                                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    Disassembly

                                                    No disassembly