Windows Analysis Report
Password Expiration Notification.msg

Overview

General Information

Sample name:Password Expiration Notification.msg
Analysis ID:1500504
MD5:e6cad8432f48a38ddcdb1269e6e1aeab
SHA1:33791152439eff3f4e5997ab9137efa041be9789
SHA256:663476c8d6476fc55ef97c01e6174cc91a2a913546ec4f260dfef10fae5f20c0

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 3508 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Password Expiration Notification.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7100 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "91A55A5E-0045-4C5A-AC4D-9558E075E569" "A9FCC9BB-0589-4C94-9781-4C41417832DE" "3508" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 5444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://a.rs6.net/1/pc?ep=3883438d73e72a246foJjq_uXy7qjuphSr8GuJsgK6bkJfYDe6FntbUqbsxiBdzgPxR8Hx2QBLwhWsX_2B-jpMl08ribdVPIr28mdRJYSjtOFjYQymRiHOGfARsYbMGywkIEb_zjA2vsnLNnpUCH0rMUzs1r-HOaIbHYFF7fj1_dujsRYQUh6z8j1U07y8BkYxoKhUvGV5zch8lF&c=#hazmatinfo@faa.gov MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1960,i,7616632468202148519,7500754851358041386,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3508, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

AV Detection

Source: https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/#hazmatinfo@faa.gov, SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/favicon.ico, Avira URL Cloud: Label: phishing
Source: https://a.rs6.net/1/pc?ep=3883438d73e72a246foJjq_uXy7qjuphSr8GuJsgK6bkJfYDe6FntbUqbsxiBdzgPxR8Hx2QBL, Avira URL Cloud: Label: phishing
Source: https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/, Avira URL Cloud: Label: phishing
Source: https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/#hazmatinfo@faa.gov, HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 20.190.160.14:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: Joe Sandbox View, IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.160.14
Source: unknownTCP traffic detected without corresponding DNS query: 51.104.136.2
Source: unknownTCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.76
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bAppL76uu8gacav&MD=dDOyFLyb HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: webmail0ft0-3ddegcq2fjoyjdafec.web.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: webmail0ft0-3ddegcq2fjoyjdafec.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bAppL76uu8gacav&MD=dDOyFLyb HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficDNS traffic detected: DNS query: a.rs6.net
Source: global trafficDNS traffic detected: DNS query: webmail0ft0-3ddegcq2fjoyjdafec.web.app
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4722Host: login.live.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 21265Cache-Control: max-age=0Content-Type: text/html; charset=utf-8Strict-Transport-Security: max-age=31556926; includeSubDomains; preloadAccept-Ranges: bytesDate: Wed, 28 Aug 2024 13:27:58 GMTX-Served-By: cache-ewr-kewr1740030-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1724851678.075061,VS0,VE31Vary: x-fh-requested-host, accept-encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 21265Cache-Control: max-age=0Content-Type: text/html; charset=utf-8Strict-Transport-Security: max-age=31556926; includeSubDomains; preloadAccept-Ranges: bytesDate: Wed, 28 Aug 2024 13:27:59 GMTX-Served-By: cache-ewr-kewr1740046-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1724851680.702221,VS0,VE26Vary: x-fh-requested-host, accept-encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Source: Password Expiration Notification.msgString found in binary or memory: http://schema.org
Source: Password Expiration Notification.msg, ~WRS{A16132D9-FA55-4A1E-BE26-EE90B5EF6BEB}.tmp.0.drString found in binary or memory: https://a.rs6.net/1/pc?ep=3883438d73e72a246foJjq_uXy7qjuphSr8GuJsgK6bkJfYDe6FntbUqbsxiBdzgPxR8Hx2QBL
Source: chromecache_73.13.dr, chromecache_71.13.drString found in binary or memory: https://firebase.google.com
Source: chromecache_73.13.dr, chromecache_71.13.drString found in binary or memory: https://firebase.google.com/docs/hosting/
Source: chromecache_73.13.dr, chromecache_71.13.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: chromecache_72.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_72.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_72.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_72.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_72.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_72.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_72.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: classification engineClassification label: mal48.winMSG@18/27@6/4
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240828T0927450293-3508.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Password Expiration Notification.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "91A55A5E-0045-4C5A-AC4D-9558E075E569" "A9FCC9BB-0589-4C94-9781-4C41417832DE" "3508" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://a.rs6.net/1/pc?ep=3883438d73e72a246foJjq_uXy7qjuphSr8GuJsgK6bkJfYDe6FntbUqbsxiBdzgPxR8Hx2QBLwhWsX_2B-jpMl08ribdVPIr28mdRJYSjtOFjYQymRiHOGfARsYbMGywkIEb_zjA2vsnLNnpUCH0rMUzs1r-HOaIbHYFF7fj1_dujsRYQUh6z8j1U07y8BkYxoKhUvGV5zch8lF&c=#hazmatinfo@faa.gov
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1960,i,7616632468202148519,7500754851358041386,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/#hazmatinfo@faa.gov | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
| http://schema.org | 0% | URL Reputation | safe |
| https://firebase.google.com | 0% | Avira URL Cloud | safe |
| https://firebase.google.com/docs/hosting/ | 0% | Avira URL Cloud | safe |
| https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/favicon.ico | 100% | Avira URL Cloud | phishing |
| https://a.rs6.net/1/pc?ep=3883438d73e72a246foJjq_uXy7qjuphSr8GuJsgK6bkJfYDe6FntbUqbsxiBdzgPxR8Hx2QBL | 100% | Avira URL Cloud | phishing |
| https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/ | 100% | Avira URL Cloud | phishing |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| webmail0ft0-3ddegcq2fjoyjdafec.web.app | 199.36.158.100 | true | false | | unknown |
| www.google.com | 142.250.185.132 | true | false | | unknown |
| a.rs6.net | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/#hazmatinfo@faa.gov | true | SlashNext: Credential Stealing type: Phishing & Social Engineering | unknown |
| https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/ | false | Avira URL Cloud: phishing | unknown |
| https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/favicon.ico | false | Avira URL Cloud: phishing | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://firebase.google.com/docs/hosting/ | chromecache_73.13.dr, chromecache_71.13.dr | false | Avira URL Cloud: safe | unknown |
| http://schema.org | Password Expiration Notification.msg | false | URL Reputation: safe | unknown |
| https://firebase.google.com | chromecache_73.13.dr, chromecache_71.13.dr | false | Avira URL Cloud: safe | unknown |
| https://a.rs6.net/1/pc?ep=3883438d73e72a246foJjq_uXy7qjuphSr8GuJsgK6bkJfYDe6FntbUqbsxiBdzgPxR8Hx2QBL | Password Expiration Notification.msg, ~WRS{A16132D9-FA55-4A1E-BE26-EE90B5EF6BEB}.tmp.0.dr | false | Avira URL Cloud: phishing | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 199.36.158.100 | webmail0ft0-3ddegcq2fjoyjdafec.web.app | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |

IP
192.168.2.16
        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1500504
        Start date and time:2024-08-28 15:27:15 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 4s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:17
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:Password Expiration Notification.msg
        Detection:MAL
        Classification:mal48.winMSG@18/27@6/4
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .msg
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 52.113.194.132, 184.28.90.27, 20.189.173.10, 142.250.186.78, 66.102.1.84, 142.250.185.195, 104.18.43.28, 172.64.144.228, 34.104.35.123, 142.250.185.202, 142.250.186.67, 142.250.185.227
        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, clients2.google.com, login.live.com, e16604.g.akamaiedge.net, update.googleapis.com, prod.fs.microsoft.com.akadns.net, clients1.google.com, ecs.office.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, settings-win.data.microsoft.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, a.rs6.net.cdn.cloudflare.net, edgedl.me.gvt1.com, s-0005.s-msedge.net, onedscolprdwus09.westus.cloudapp.azure.com, ecs.office.trafficmanager.net, clients.l.google.com, mobile.events.data.trafficmanager.net
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtQueryAttributesFile calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • VT rate limit hit for: Password Expiration Notification.msg
        No simulations
Match: 239.255.255.250

| Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|
| https://google.mg/url?hl=en&q=https://google.nr/url?q=Gl7qws6TcZ&rct=4214&sa=t&esrc=vax&source=Gl7qws6TcZ&cd=Nzpn8b&cad=Gl7qws6TcZD5&ved=Gl7qws6TcZ84214G&uact=82299&url=amp%2Fgoogle.com.pg/amp/cli.re/rp5Y1r#YW5kcmV3QGhlZWRkaWdpdGFsbWVkaWEuY29t%2F&opi=256371986142&usg=lxfGUQNysmkDx&source=gmail&ust=5108318229914681&usg=AOGl7qws6TcZjng81rOWFwZGl7qws6TcZqR81 | malicious | HTMLPhisher |
| mmclaughlin-In Service Agreement-41918.pdf | malicious | HTMLPhisher |
| mbda-us.comAudiowav012.html | malicious | HTMLPhisher |
| https://berajpaints.com.pk/tag/dolor/ | malicious | Unknown |
| http://jop2024.sciencesconf.org/ | malicious | Unknown |
| file.exe | malicious | Unknown |
| mbda-us.comAudiowav012.html | malicious | HTMLPhisher |
| Proforma.Invoice.Payment.$$.html | malicious | Unknown |
| https://hattenforlag.se | malicious | Unknown |
| https://pharmakon-my.sharepoint.com/:f:/g/personal/338im_apoteket_dk/Eq4jY345UJRKi6ZZAILr_qwBOqxx0J6kY0J-kac06geioQ?e=XPAoa6%20pharmakon-my.sharepoint.com | malicious | HTMLPhisher |
                            No context
Match: 28a2c9bd18a11de089ef85a160da29e4

| Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|
| https://google.mg/url?hl=en&q=https://google.nr/url?q=Gl7qws6TcZ&rct=4214&sa=t&esrc=vax&source=Gl7qws6TcZ&cd=Nzpn8b&cad=Gl7qws6TcZD5&ved=Gl7qws6TcZ84214G&uact=82299&url=amp%2Fgoogle.com.pg/amp/cli.re/rp5Y1r#YW5kcmV3QGhlZWRkaWdpdGFsbWVkaWEuY29t%2F&opi=256371986142&usg=lxfGUQNysmkDx&source=gmail&ust=5108318229914681&usg=AOGl7qws6TcZjng81rOWFwZGl7qws6TcZqR81 | malicious | HTMLPhisher | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| mmclaughlin-In Service Agreement-41918.pdf | malicious | HTMLPhisher | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| https://berajpaints.com.pk/tag/dolor/ | malicious | Unknown | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| http://jop2024.sciencesconf.org/ | malicious | Unknown | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| file.exe | malicious | Unknown | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| mbda-us.comAudiowav012.html | malicious | HTMLPhisher | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| Proforma.Invoice.Payment.$$.html | malicious | Unknown | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| https://hattenforlag.se | malicious | Unknown | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| https://pharmakon-my.sharepoint.com/:f:/g/personal/338im_apoteket_dk/Eq4jY345UJRKi6ZZAILr_qwBOqxx0J6kY0J-kac06geioQ?e=XPAoa6%20pharmakon-my.sharepoint.com | malicious | HTMLPhisher | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
| https://imgsservices.ie/HKMrD4Ztldw5uNaEW+73vcXrOWrXKBdxzI6PlBN7c7tj36QVE2qq8Fre1ethXlQS0Vdpjcl0fxXxUC+1VOEPDBkl6fYgX98xRZi20xNpiMSAubKqaA8uQ6NtDDF1dx/7dYKqtrNpV+Y15SGmlgeflGQdz4P/aOce+Br9ePe5jp8= | malicious | Unknown | 20.190.160.14, 40.126.32.76, 51.104.136.2, 40.68.123.157 |
                            No context
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):231348
                            Entropy (8bit):4.3815945060925365
                            Encrypted:false
                            SSDEEP:6144:x/a9EFFB8Dsdmi296Pl+cuYBHFHngplcXtL860QzriX4cHR5K+6Mr:rFLC7
                            MD5:9FB3BE383384688D3AC3D5CC67F59558
                            SHA1:280B96689140B48480AD9FB1C5A07B938DD7F60A
                            SHA-256:BD4BF019E1CC845BD20D9A77CC095A6872E535931ADF62992AD5C31934CFDC98
                            SHA-512:AB4FFDF7C42F3DC00D8E53D33A1C2028991A9E49B6E65B1498EFC1CD8D86C3FDD9A098C9C5EA811B47F324689BC2FD53112E65C69D3452E7884062797544BA78
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):521377
                            Entropy (8bit):4.9084889265453135
                            Encrypted:false
                            SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                            MD5:C37972CBD8748E2CA6DA205839B16444
                            SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                            SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                            SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                            Category:dropped
                            Size (bytes):773040
                            Entropy (8bit):6.55939673749297
                            Encrypted:false
                            SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                            MD5:4296A064B917926682E7EED650D4A745
                            SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                            SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                            SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):32768
                            Entropy (8bit):0.04539113616260173
                            Encrypted:false
                            SSDEEP:3:Gtlxtjl6UgXtTI/ltlxtjl6UgXtJll9R9//8l1lvlll1lllwlvlllglbelDbllAC:GtEtEttEtxX9X01PH4l942wU
                            MD5:C2ACC5802264A7A29D41B3365A137F52
                            SHA1:135F1B33886F7BE41278E049532B2144712D7ADA
                            SHA-256:2A74BBA2E18867B5C893811D7B9FD487BED0548A156B076DE9DBAD129B5015E0
                            SHA-512:5A27CBBF9903CDFAFF73A08F05EBD38E1F3CBBD54C56B62D01716F2F967C2110A0CF9F4CC48D65E0FA9376A426C072343D8B4338A0A91508883121032ED462D2
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:SQLite Write-Ahead Log, version 3007000
                            Category:modified
                            Size (bytes):49472
                            Entropy (8bit):0.48444173456536505
                            Encrypted:false
                            SSDEEP:48:IG2Q1UKUll7DYMD8UzO8VFDYMsYBO8VFDYML:HEll42XjVGUjVGC
                            MD5:C271805968C9FDDB7382CEA848C8B873
                            SHA1:CED602576D8AB8F2AFD42F7C2835A40F714288D8
                            SHA-256:65256683BFCA88C78A949D1B7D58C4581D234C09230C13CA02BA8D8D8DDBE8F0
                            SHA-512:CB5F775C8F76FD1F4FA0FE0E9DAAFFE8BD8798AE56679FB89C58F8D4E53EF928DB61758B01B098016EE8EF82D1FEBCC02BD817B24D3ADC7EC62990BD6D0F1B6A
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):2544
                            Entropy (8bit):3.128196614899628
                            Encrypted:false
                            SSDEEP:24:fHMMIFYmv6FsJgPNtZ7GhKJRWH3yS3sRIv/YXox79kzLUI+jQIhPRPeCdceZ60s8:fXqV6Fsq1ehKIll7OLLWRTOeZzsq
                            MD5:C913BCB23E368D2A58CF0181253B2C2F
                            SHA1:5F96762F4B9C6C0D117CD104AF926B375D26B783
                            SHA-256:1D316EAD12F74A1725152701CE855759D717E804DF1FFEB55AEC6A59B20B8FAC
                            SHA-512:A0BD9707EB2B3A085622A6E2F4719F02975791260486D4B693620252BD1CEC9C2A73E11E5C6F0424810EC1C354F328E9DCA90898B9B88110DE41E7200A17509C
                            Malicious:false
                            Reputation:low
                            Preview: Dear hazmatinfo@faa.gov ... The password for HYPERLINK "mailto:refacs@batelco.com.bh" \o "This external link opens in a new window" \t "_blank" ...
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:ASCII text, with very long lines (28773), with CRLF line terminators
                            Category:dropped
                            Size (bytes):20971520
                            Entropy (8bit):0.1797057500452755
                            Encrypted:false
                            SSDEEP:1536:M9FbIzoYT67K/8L2/o5+5ClQNildVpQA8YjeRRU1UuOmB/ojqeTZajBIN/4gl2hy:bzZ4K/zeIB30W2hy
                            MD5:D9CB5F75E3BF8D1E0C97CCA95106A84D
                            SHA1:F11DBA0C54B063F378EF52FD7AFB503BA16573C5
                            SHA-256:0E0906E8F29D282B03BC1E68EC651894A087C53CA6B985E96F50B28BC18DD245
                            SHA-512:1F800BA7E07A08F500785CEF28308F57A9F5295673B9AD1685F2047636E12629897AC6AB69304C8A28F5370C970EC234571685439C0C290C74CA8E24DF576F6E
                            Malicious:false
                            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..08/28/2024 13:27:45.549.OUTLOOK (0xDB4).0x1304.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2024-08-28T13:27:45.549Z","Contract":"Office.System.Activity","Activity.CV":"XZSZifSdeEiM/J9xZDQUbg.4.11","Activity.Duration":17,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...08/28/2024 13:27:45.565.OUTLOOK (0xDB4).0x1304.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2024-08-28T13:27:45.565Z","Contract":"Office.System.Activity","Activity.CV":"XZSZifSdeEiM/J9xZDQUbg.4.12","Activity.Duration":11630,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVe
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):20971520
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3::
                            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):90112
                            Entropy (8bit):4.463195935037757
                            Encrypted:false
                            SSDEEP:768:8OdAYtVVuVP9ST54XR9jf9bXqkh8N+HWyW0WqWZNKMB:Zn4XR9jf9bXqdNFj
                            MD5:038E8FF9989AE15A490BEA95CEB16EE3
                            SHA1:C5D9372CF7AC11A8F32C843C7E376082144E80E6
                            SHA-256:11CA6950C512CA7B451DB99CB8789BE3350E7FCAC046B7723DFB5B4DBE14FC02
                            SHA-512:B0E9788C4FBC0EA7FD187C49B3F40DEBDEC9220940840A02897E142E6EA1E4753F8D2A73ABF984DE2A05020D1AB92816E9CFA6163FA986DB2CC655C502495A93
                            Malicious:false
                            Preview:............................................................................^............>.N...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`....Y...........>.N...........v.2._.O.U.T.L.O.O.K.:.d.b.4.:.8.8.2.c.7.e.e.5.f.9.8.f.4.8.1.a.a.7.4.2.4.c.e.1.4.1.6.5.2.b.5.0...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.2.8.T.0.9.2.7.4.5.0.2.9.3.-.3.5.0.8...e.t.l.........P.P........./ A.N...........................................................................................................................................................................................................................................................................................................
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):163840
                            Entropy (8bit):0.45541774332592655
                            Encrypted:false
                            SSDEEP:192:zsRHwJb4OZRlhPP+XI0Ar4eCUAxm1EvNgz0XHWQOoqAbAWUNh/:lMOPDPP+Lc4eOxm17z0XHOoqM
                            MD5:88B723317CAFC5797243D2AC00FA4ABC
                            SHA1:809DC13DD514D2450669AA8BAB07D5082970EB53
                            SHA-256:1AAA12961E6B41ED769F54BB5C6C9C31FA925744CCFE000BF70EC3EA2F9B8278
                            SHA-512:27338CE5B76CD27D6E9B0ACC688518BEA1EA936178F41B1C97D46E6A29DB7F26DBE1D203B0B7A37030E476B8FF9AB06AAB1B9D07CCC6C57C77B01B40EF7A4949
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):30
                            Entropy (8bit):1.2389205950315936
                            Encrypted:false
                            SSDEEP:3:EQh/t:E6
                            MD5:8FA1DFAD76CF16BE504C0A3F029A0BA6
                            SHA1:B68150E0F0A882C4CDB3C401CBE06D7AC7484B44
                            SHA-256:CEB22927044E6C26D35C567C6AF2F2141E584D11A017517FBB1057BD3E932718
                            SHA-512:F37A1A767C5138B532B8DA84285BA7D4C615FC63710A5775EB69C010416B3F929A38A005CF34F455087598C71CA132FEBD9387F1B53063CBE5420E2CF09E9C03
                            Malicious:false
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 12:27:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2673
                            Entropy (8bit):3.9851998021264605
                            Encrypted:false
                            SSDEEP:48:8EHdZTBNnHRidAKZdA1FehwiZUklqehvy+3:84LbYy
                            MD5:1577900642E6CFBD8238040B1E4E17A4
                            SHA1:D1ABF0A8C86995784960C9B3F28137F967BB3D14
                            SHA-256:9F46BDD883ABA66320A1BE697F17F0561D2EB21B8D23D3DD167E61B5A1FBB579
                            SHA-512:7BE1D46A9C0DA7DC363FE01D713C479C34DD767CF5B5CE76AB97E0810A1C0A72BDBD3956C387927329CA428D8EAB632AA13420EA7FAD35BB66D3BC41D7F9A56F
                            Malicious:false
                            Preview:L..................F.@.. ...$+.,........N...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ynk....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y|k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y|k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y|k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............c{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 12:27:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2675
                            Entropy (8bit):4.000023687416118
                            Encrypted:false
                            SSDEEP:48:8YHdZTBNnHRidAKZdA1seh/iZUkAQkqehIy+2:88LF9QNy
                            MD5:1958791826CF453073834A9567677716
                            SHA1:167A5752A52C0F1A4B840F9A2B29AA92542C5244
                            SHA-256:119334D1DE072910F5AA061CD493BE72FC89E5A7EC738114F1ED6E95C20CA63F
                            SHA-512:7B9AA7704B121B4C63F6DF0ABE542108C2B3076B085474037CFA56BCB541360A24CFA1A2E5F7FEE1EE17A2D64CDE702E55F8BF5D137B65CE51DDDF3E71437CF3
                            Malicious:false
                            Preview:L..................F.@.. ...$+.,....u8..N...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ynk....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y|k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y|k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y|k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............c{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2689
                            Entropy (8bit):4.00906368124432
                            Encrypted:false
                            SSDEEP:48:86HdZTBNAHRidAKZdA14meh7sFiZUkmgqeh7sGy+BX:8uLwncy
                            MD5:3811576ED5524C20E96D780440405F0D
                            SHA1:2A3ED398F563E96CB905874A99E395E2079C36DD
                            SHA-256:97B2127673E563A29DFFB2773CCE1FE6C17A7AF250523324D659593EEA8A0E55
                            SHA-512:D0C8D0CA83DACFE36A6EAA9F15D118C5782F81A0BB3D118C8D15333AFCDD822028B3A1B8156C6E049CF661094A75E3CD107649DD35765C58C41FC0CCF845DDAC
                            Malicious:false
                            Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ynk....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y|k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y|k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y|k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............c{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 12:27:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):4.002589110542153
                            Encrypted:false
                            SSDEEP:48:8FHdZTBNnHRidAKZdA1TehDiZUkwqehUy+R:89LWey
                            MD5:2D5580184812775E8A320FDE7F097843
                            SHA1:CC8BA4BC9367A79214B9D86949CF61E5B54AB016
                            SHA-256:5E1BE444E07C1FE83B63A393B0FC0E06AC0F11934DCE2EF5FE8E1DC8AFDCF274
                            SHA-512:37CC3A1E17A85ECDF25F14FE50395C168411E8F16CF8B1BA9D34EE2709A48FEB5A18CEB7D1C99A1C91E9808639D57D3A7784CC38F9D19A3C6537F852590BA347
                            Malicious:false
                            Preview:L..................F.@.. ...$+.,....z...N...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ynk....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y|k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y|k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y|k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............c{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 12:27:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.989666064750891
                            Encrypted:false
                            SSDEEP:48:8lHdZTBNnHRidAKZdA1dehBiZUk1W1qehay+C:8dLW96y
                            MD5:F8EA09A01881C25C4B0A41D9D801A846
                            SHA1:7A4C7563E12CD97BB3E53370B99F45DCE5F99050
                            SHA-256:E49F0131DFB6F8DAF9B0CF4C1EFA4C7E28C66E9F15946CF3EA037749AFBD8A01
                            SHA-512:FAC02A49A303F8762693F4FC2E057D36C7990A59B075D9322CD209A78A3E3DF4BCC6AF20F64AA28887AA5568266F8CFE21922258DDEA21C5D5F2507133E078FA
                            Malicious:false
                            Preview:L..................F.@.. ...$+.,........N...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ynk....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y|k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y|k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y|k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............c{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 12:27:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):3.9974321073577728
                            Encrypted:false
                            SSDEEP:48:8KiHdZTBNnHRidAKZdA1duTeehOuTbbiZUk5OjqehOuTbcy+yT+:8KGLsTfTbxWOvTbcy7T
                            MD5:39C90829B6FF5F8BCE6BD518EA6CD0D2
                            SHA1:59DE14754F09B7463651A7577FB99CA961A89C4E
                            SHA-256:E89E4501B2580991A8177B1012B1CACA19E7BCB4AF8A61391315DB55D0676700
                            SHA-512:8C2709FC23AFD7CAC8CD5B9AF91A917A7206ABB165492CFAD9118DCD386A3501C7CBDF52BC9E86D73097A98D562237D5BE14F9213F0100DF741C19A5724CCF44
                            Malicious:false
                            Preview:L..................F.@.. ...$+.,.....L..N...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Ynk....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y|k....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y|k....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y|k..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.k...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............c{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:Microsoft Outlook email folder (>=2003)
                            Category:dropped
                            Size (bytes):271360
                            Entropy (8bit):1.328182239701351
                            Encrypted:false
                            SSDEEP:768:2nQcdf5g6Dleuv6Pj+yc63ibTKLKyjskGKF5rPwztNVTItMnp:KqivAj+y6/Wr8tgtO
                            MD5:098F8158D07E49CCC21524B7D3E94219
                            SHA1:FCA7C36D1769C0AB134E5E6B1A7950AB2DB10690
                            SHA-256:8E2D7923353B8146B4E461F5F0DFB63DE378CB35467A8BB1A478807528D2D483
                            SHA-512:270CDF1FA9DB6AF079FCA52E1F0122002E3A35C22E5F5CA7CC7C08F1493B33E8A53037CA23D2664BC1AAC6CEB4673A26B4AE869265336ABCE390C1F655BE5F65
                            Malicious:false
                            Preview:!BDN....SM......\.......................U................@...........@...@...................................@...........................................................................$.......D......@N..........................................................................................................................................................................................................................................................................................................................<............S......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):131072
                            Entropy (8bit):1.1307583434368904
                            Encrypted:false
                            SSDEEP:384:7jxjTIgaDeHjigfeMnJySLDNP1HRyHWO+9OQNqrGP2:VTINK5fesNP5kpA
                            MD5:44EB9BF582A1D2E5D7783BF9816879FF
                            SHA1:F8290821C2E497D8F7279BD3D284AA1957EEF63C
                            SHA-256:916D4D9BDF84B43528FA9C379DB6FFB465DD1FCC44C65D25ACD8CF234C479C1F
                            SHA-512:288925F64F25839FE6C2B3047571C7A4E28A928C8BBB0B5A70D00688C14192F4B9FC92095E252079A1B33615044BD32184ACE364E8F1547779F68ED0AC16C909
                            Malicious:false
                            Preview:7.UkC...T...........<...N.....................#.!BDN....SM......\.......................U................@...........@...@...................................@...........................................................................$.......D......@N..........................................................................................................................................................................................................................................................................................................................<............S..<...N........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
                            Category:downloaded
                            Size (bytes):18536
                            Entropy (8bit):7.986571198050597
                            Encrypted:false
                            SSDEEP:384:IhocXmE6eM871P7td/mcOKA454H2orQEONKrOqxw:f6WeL1P//9D54WCCKc
                            MD5:8EFF0B8045FD1959E117F85654AE7770
                            SHA1:227FEE13CEB7C410B5C0BB8000258B6643CB6255
                            SHA-256:89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
                            SHA-512:2E4FB65CAAB06F02E341E9BA4FB217D682338881DABA3518A0DF8DF724E0496E1AF613DB8E2F65B42B9E82703BA58916B5F5ABB68C807C78A88577030A6C2058
                            Malicious:false
                            URL:https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (18789)
                            Category:downloaded
                            Size (bytes):21265
                            Entropy (8bit):6.097762050409682
                            Encrypted:false
                            SSDEEP:384:6PD5Z+3SnKRjYdLboysY+n4Jc4Esb84YmpDpEWlgpUNl15:IZwSKRjYdLbn+jsbmsxqUXf
                            MD5:FDD68BF3EDE75F4A4BFE1389A0C059FC
                            SHA1:3D0F6315B1BA87B112F10A191722A629BE165FD4
                            SHA-256:DD7C22B3F25D3C331ABC00A714B9672396F01A14648BD3ED99F45CEEB64A2642
                            SHA-512:BAF753652194B79963D0E25C16F3C5F0880A2094C1541D71438D876A09D54A11C3740398439089E32EA88F27A1694068D879F8DC664B004EE4C5ECD9F900E547
                            Malicious:false
                            URL:https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/favicon.ico
                            Preview:.<!doctype html>.<html>. <head>. <title>Site Not Found</title>. <link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>. <meta name="viewport" content="width=device-width, initial-scale=1">. <style>.. body {. margin: 0 auto;. margin-top: 48px;. max-width: 616px;. padding: 0 16px;. font-family: 'Roboto', 'Helvetica Neue', sans-serif;. font-size: 16px;. line-height: 24px;. color: rgba(0,0,0,0.87);. }. h1, h2, h3 {. font-family: 'Roboto', 'Helvetica Neue', sans-serif;. font-weight: 300;. }. h1 {. margin: 24px 0 16px 0;. padding: 0 0 16px 0;. border-bottom: 1px solid rgba(0,0,0,0.1);. font-size: 32px;. line-height: 36px;. }. h2 {. margin: 24px 0 16px 0;. padding: 0;. font-size: 20px;. line-height: 32px;. color: rgba(0,0,0,0.54);. }. p {. margin: 0;.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text
                            Category:downloaded
                            Size (bytes):2162
                            Entropy (8bit):5.40818488433828
                            Encrypted:false
                            SSDEEP:48:1OLNPlOLNVFZKOLNHOLNk3yOLN5AOLNiRVc+umOLNY1N0oD:1OLNPlOLNVFZKOLNHOLNk3yOLNqOLNWL
                            MD5:9BFCAC77B5F079D96521B09DDC9435E9
                            SHA1:31D55DB9F4E8E6D3B6681E339A0ED9591A318888
                            SHA-256:158235A454C29707117F6570F40FCC1E7D143F14DC1AF1085979B47CF19E4871
                            SHA-512:23B14AA25730890E0F792AEBB4C2EFBC4CECFB173466221A869E99595CB519ED5791CA31B8B98192F096208C11AFEDA81D133E03699C35FC71CE8DF75A42B8BB
                            Malicious:false
                            URL:https://fonts.googleapis.com/css?family=Roboto
                            Preview:/* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2) format('woff2');. unicode-range: U+0370-0377
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (18789)
                            Category:downloaded
                            Size (bytes):21265
                            Entropy (8bit):6.097762050409682
                            Encrypted:false
                            SSDEEP:384:6PD5Z+3SnKRjYdLboysY+n4Jc4Esb84YmpDpEWlgpUNl15:IZwSKRjYdLbn+jsbmsxqUXf
                            MD5:FDD68BF3EDE75F4A4BFE1389A0C059FC
                            SHA1:3D0F6315B1BA87B112F10A191722A629BE165FD4
                            SHA-256:DD7C22B3F25D3C331ABC00A714B9672396F01A14648BD3ED99F45CEEB64A2642
                            SHA-512:BAF753652194B79963D0E25C16F3C5F0880A2094C1541D71438D876A09D54A11C3740398439089E32EA88F27A1694068D879F8DC664B004EE4C5ECD9F900E547
                            Malicious:false
                            URL:https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/
                            Preview:.<!doctype html>.<html>. <head>. <title>Site Not Found</title>. <link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>. <meta name="viewport" content="width=device-width, initial-scale=1">. <style>.. body {. margin: 0 auto;. margin-top: 48px;. max-width: 616px;. padding: 0 16px;. font-family: 'Roboto', 'Helvetica Neue', sans-serif;. font-size: 16px;. line-height: 24px;. color: rgba(0,0,0,0.87);. }. h1, h2, h3 {. font-family: 'Roboto', 'Helvetica Neue', sans-serif;. font-weight: 300;. }. h1 {. margin: 24px 0 16px 0;. padding: 0 0 16px 0;. border-bottom: 1px solid rgba(0,0,0,0.1);. font-size: 32px;. line-height: 36px;. }. h2 {. margin: 24px 0 16px 0;. padding: 0;. font-size: 20px;. line-height: 32px;. color: rgba(0,0,0,0.54);. }. p {. margin: 0;.
                            File type:CDFV2 Microsoft Outlook Message
                            Entropy (8bit):3.885518014336522
                            TrID:
                            • Outlook Message (71009/1) 58.92%
                            • Outlook Form Template (41509/1) 34.44%
                            • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                            File name:Password Expiration Notification.msg
                            File size:96'256 bytes
                            MD5:e6cad8432f48a38ddcdb1269e6e1aeab
                            SHA1:33791152439eff3f4e5997ab9137efa041be9789
                            SHA256:663476c8d6476fc55ef97c01e6174cc91a2a913546ec4f260dfef10fae5f20c0
                            SHA512:72da619a3e97a36cd2dd577a77e1d92baf2de3d25016286f012893dd5457ddc3b535397e91850a1d1de5e5174d024cecbc144cc559f5046ff5034a213116c3bd
                            SSDEEP:1536:r1yXWvWfWDSuoHgwurM94WlhwWYWE3LMZKhc1mewgAVn1i/8x:r1yUoAah2gq+mLP1i/8x
                            TLSH:4193312439FA5109F277EF324FE69097853AFD92AD25995F2091330E0673941E862F3B
                            Subject:Password Expiration Notification
                            From:info <admin@faa.gov>
                            To:hazmatinfo@faa.gov
                            Cc:
                            BCC:
                            Date:Wed, 28 Aug 2024 03:35:14 +0200
                            Communications:
                            • Dear hazmatinfo@faa.gov The password for hazmatinfo@faa.gov <mailto:refacs@batelco.com.bh> is expired!!! Kindly use the below button to continue using the same password. <https://a.rs6.net/1/pc?ep=3883438d73e72a246foJjq_uXy7qjuphSr8GuJsgK6bkJfYDe6FntbUqbsxiBdzgPxR8Hx2QBLwhWsX_2B-jpMl08ribdVPIr28mdRJYSjtOFjYQymRiHOGfARsYbMGywkIEb_zjA2vsnLNnpUCH0rMUzs1r-HOaIbHYFF7fj1_dujsRYQUh6z8j1U07y8BkYxoKhUvGV5zch8lF&c=#hazmatinfo@faa.gov> Continue With Same Password Further messages might be prevented if any of the above actions are not performed. This email was sent from faa.gov Mail Center. Copyright 2024 faa.gov Inc. All rights reserved.
                            Attachments:
                              Key Value
                              Received: from unassigned.quadranet.com ([104.223.34.201])
                              01:35:26 +0000
                              (2603:10b6:208:1c0::16) with Microsoft SMTP Server (version=TLS1_2,
                              2024 01:35:22 +0000
                              Transport; Wed, 28 Aug 2024 01:35:22 +0000
                              Authentication-Results: spf=softfail (sender IP is 204.108.8.6)
                              Received-SPF: SoftFail (amcrelay1.faa.gov: domain of
                              15.20.7918.13 via Frontend Transport; Wed, 28 Aug 2024 01:35:20 +0000
                              by oexinternalrelay1.faa.gov with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Aug 2024 21:35:18 -0400
                              x-record-text="v=spf1 include:faa.gov._nspf.valigov.email
                              include:%{i}._ip.%{h}._ehlo.%{d}._spf.valigov.email ~all"
                              Authentication-Results-Original: amcrelay1.faa.gov; dkim=none (message not
                              X-IronPort-Anti-Spam-Filtered: true
                              X-IronPort-AV: E=Sophos;i="6.10,181,1719896400";
                              by amcrelay1.faa.gov with ESMTP; 27 Aug 2024 20:35:17 -0500
                              From: info <admin@faa.gov>
                              To: hazmatinfo@faa.gov
                              Subject: Password Expiration Notification
                              Date: 27 Aug 2024 18:35:14 -0700
                              Message-ID: <20240827183514.268F0863AC7A5C6F@faa.gov>
                              MIME-Version: 1.0
                              Content-Type: text/html
                              Content-Transfer-Encoding: quoted-printable
                              Return-Path: admin@faa.gov
                              X-MS-Exchange-Organization-ExpirationStartTime: 28 Aug 2024 01:35:21.1497
                              X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
                              X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
                              X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
                              X-MS-Exchange-Organization-Network-Message-Id: df2183c3-a329-4009-ecf4-08dcc701ae36
                              X-EOPAttributedMessage: 0
                              X-MS-Exchange-Organization-MessageDirectionality: Originating
                              X-MS-PublicTrafficType: Email
                              X-MS-TrafficTypeDiagnostic: SA2PEPF00002251:EE_|DS0PR09MB10532:EE_|PH8PR09MB10268:EE_
                              X-MS-Exchange-Organization-AuthSource: SA2PEPF00002251.namprd09.prod.outlook.com
                              X-MS-Exchange-Organization-AuthAs: Anonymous
                              X-OriginatorOrg: usfaa.onmicrosoft.com
                              X-MS-Office365-Filtering-Correlation-Id: df2183c3-a329-4009-ecf4-08dcc701ae36
                              X-MS-Exchange-Organization-SCL: -1
                              X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|4123499015;
                              X-Forefront-Antispam-Report: CIP:204.108.8.6;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:oexinternalrelay1.faa.gov;PTR:ErrorRetry;CAT:NONE;SFS:(13230040)(82310400026)(4123499015);DIR:INB;
                              X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Aug 2024 01:35:20.8060
                              X-MS-Exchange-CrossTenant-Network-Message-Id: df2183c3-a329-4009-ecf4-08dcc701ae36
                              X-MS-Exchange-CrossTenant-Id: 2b69d099-dc61-447b-84c8-001733d8be3a
                              X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=2b69d099-dc61-447b-84c8-001733d8be3a;Ip=[204.108.8.6];Helo=[oexinternalrelay1.faa.gov]
                              X-MS-Exchange-CrossTenant-AuthSource: SA2PEPF00002251.namprd09.prod.outlook.com
                              X-MS-Exchange-CrossTenant-AuthAs: Anonymous
                              X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
                              X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR09MB10532
                              X-MS-Exchange-Transport-EndToEndLatency: 00:00:05.2959288
                              X-MS-Exchange-Processed-By-BccFoldering: 15.20.7897.019
                              X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                              X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?kMZKQC5DyFKkc+iqUCciwJf+OIJezyy4UX+J6O0Yh09xDl+//tG9BmbRekJv?=
                              date: Wed, 28 Aug 2024 03:35:14 +0200

                              Icon Hash:c4e1928eacb280a2
                              Timestamp    Source Port    Dest Port    Source IP    Dest IP
                              Aug 28, 2024 15:28:02.006748915 CEST4434972740.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:02.020558119 CEST44349728142.250.185.132192.168.2.16
                              Aug 28, 2024 15:28:02.020891905 CEST49728443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:28:02.020925999 CEST44349728142.250.185.132192.168.2.16
                              Aug 28, 2024 15:28:02.021889925 CEST44349728142.250.185.132192.168.2.16
                              Aug 28, 2024 15:28:02.021962881 CEST49728443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:28:02.023302078 CEST49728443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:28:02.023370028 CEST44349728142.250.185.132192.168.2.16
                              Aug 28, 2024 15:28:02.026407003 CEST49729443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:02.026457071 CEST4434972951.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:02.026618958 CEST49729443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:02.026844978 CEST49729443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:02.026859045 CEST4434972951.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:02.070091009 CEST49728443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:28:02.070101976 CEST44349728142.250.185.132192.168.2.16
                              Aug 28, 2024 15:28:02.118143082 CEST49728443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:28:02.799372911 CEST4434972951.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:02.799463987 CEST49729443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:02.800781965 CEST49729443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:02.800792933 CEST4434972951.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:02.801074028 CEST4434972951.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:02.802262068 CEST49729443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:02.802321911 CEST4434972951.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:02.802423954 CEST49729443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:02.866170883 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:02.866214991 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:02.866455078 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:02.866455078 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:02.866488934 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.655235052 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.656584024 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:03.656584024 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:03.656604052 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.656613111 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.656657934 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:03.656666994 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.696105003 CEST4968080192.168.2.16192.229.211.108
                              Aug 28, 2024 15:28:03.977969885 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.977989912 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.978020906 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.978070974 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:03.978087902 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.978375912 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.978404045 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:03.978404045 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:03.978430986 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.978445053 CEST49730443192.168.2.1640.126.32.76
                              Aug 28, 2024 15:28:03.978454113 CEST4434973040.126.32.76192.168.2.16
                              Aug 28, 2024 15:28:03.995280027 CEST49731443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:03.995327950 CEST4434973151.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:03.995441914 CEST49731443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:03.995647907 CEST49731443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:03.995661020 CEST4434973151.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:04.805589914 CEST4434973151.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:04.805666924 CEST49731443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:04.806688070 CEST49731443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:04.806699038 CEST4434973151.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:04.806931973 CEST4434973151.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:04.808032990 CEST49731443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:04.808077097 CEST4434973151.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:04.808146954 CEST49731443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:05.054083109 CEST49732443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:05.054136038 CEST4434973251.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:05.054631948 CEST49732443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:05.054631948 CEST49732443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:05.054666996 CEST4434973251.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:05.484112978 CEST49673443192.168.2.16204.79.197.203
                              Aug 28, 2024 15:28:05.829164982 CEST4434973251.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:05.829349995 CEST49732443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:05.830410004 CEST49732443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:05.830421925 CEST4434973251.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:05.830840111 CEST4434973251.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:05.832035065 CEST49732443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:05.832081079 CEST4434973251.104.136.2192.168.2.16
                              Aug 28, 2024 15:28:05.832153082 CEST49732443192.168.2.1651.104.136.2
                              Aug 28, 2024 15:28:08.507219076 CEST4968080192.168.2.16192.229.211.108
                              Aug 28, 2024 15:28:12.074630022 CEST44349728142.250.185.132192.168.2.16
                              Aug 28, 2024 15:28:12.074747086 CEST44349728142.250.185.132192.168.2.16
                              Aug 28, 2024 15:28:12.074837923 CEST49728443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:28:12.916745901 CEST49728443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:28:12.916781902 CEST44349728142.250.185.132192.168.2.16
                              Aug 28, 2024 15:28:18.114289999 CEST4968080192.168.2.16192.229.211.108
                              Aug 28, 2024 15:28:34.128539085 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:34.128566027 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:34.128683090 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:34.129103899 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:34.129116058 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:34.211348057 CEST4969780192.168.2.1693.184.221.240
                              Aug 28, 2024 15:28:34.211486101 CEST4969880192.168.2.1693.184.221.240
                              Aug 28, 2024 15:28:34.217444897 CEST804969793.184.221.240192.168.2.16
                              Aug 28, 2024 15:28:34.217463970 CEST804969893.184.221.240192.168.2.16
                              Aug 28, 2024 15:28:34.217550993 CEST4969780192.168.2.1693.184.221.240
                              Aug 28, 2024 15:28:34.217576981 CEST4969880192.168.2.1693.184.221.240
                              Aug 28, 2024 15:28:34.915270090 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:34.915421009 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:34.917320013 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:34.917329073 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:34.917561054 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:34.919168949 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:34.964497089 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.251189947 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.251225948 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.251240969 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.251348019 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:35.251363039 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.251415014 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:35.251446009 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:35.252306938 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.252353907 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.252386093 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:35.252391100 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.252413034 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.252418041 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:35.252459049 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:35.254682064 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:35.254695892 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:28:35.254707098 CEST49733443192.168.2.1640.68.123.157
                              Aug 28, 2024 15:28:35.254710913 CEST4434973340.68.123.157192.168.2.16
                              Aug 28, 2024 15:29:01.422516108 CEST49735443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:29:01.422566891 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:01.422648907 CEST49735443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:29:01.422925949 CEST49735443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:29:01.422940969 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:02.073390007 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:02.073731899 CEST49735443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:29:02.073759079 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:02.074093103 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:02.074398041 CEST49735443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:29:02.074461937 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:02.125261068 CEST49735443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:29:13.044076920 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:13.044147968 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:13.044220924 CEST49735443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:29:14.925371885 CEST49735443192.168.2.16142.250.185.132
                              Aug 28, 2024 15:29:14.925404072 CEST44349735142.250.185.132192.168.2.16
                              Aug 28, 2024 15:29:24.369621992 CEST4970080192.168.2.16192.229.221.95
                              Aug 28, 2024 15:29:24.439903975 CEST8049700192.229.221.95192.168.2.16
                              Aug 28, 2024 15:29:24.440124989 CEST4970080192.168.2.16192.229.221.95
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Aug 28, 2024 15:27:56.681233883 CEST | 192.168.2.16 | 1.1.1.1 | 0xad4e | Standard query (0) | a.rs6.net | A (IP address) | IN (0x0001) | false
                              Aug 28, 2024 15:27:56.681411028 CEST | 192.168.2.16 | 1.1.1.1 | 0xc4af | Standard query (0) | a.rs6.net | 65 | IN (0x0001) | false
                              Aug 28, 2024 15:27:57.514615059 CEST | 192.168.2.16 | 1.1.1.1 | 0x680c | Standard query (0) | webmail0ft0-3ddegcq2fjoyjdafec.web.app | A (IP address) | IN (0x0001) | false
                              Aug 28, 2024 15:27:57.514657974 CEST | 192.168.2.16 | 1.1.1.1 | 0x41c2 | Standard query (0) | webmail0ft0-3ddegcq2fjoyjdafec.web.app | 65 | IN (0x0001) | false
                              Aug 28, 2024 15:28:01.368376970 CEST | 192.168.2.16 | 1.1.1.1 | 0xa58e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                              Aug 28, 2024 15:28:01.368376970 CEST | 192.168.2.16 | 1.1.1.1 | 0xcb4f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Aug 28, 2024 15:27:56.756721020 CEST | 1.1.1.1 | 192.168.2.16 | 0xad4e | No error (0) | a.rs6.net | a.rs6.net.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
                              Aug 28, 2024 15:27:56.757742882 CEST | 1.1.1.1 | 192.168.2.16 | 0xc4af | No error (0) | a.rs6.net | a.rs6.net.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
                              Aug 28, 2024 15:27:57.565706015 CEST | 1.1.1.1 | 192.168.2.16 | 0x680c | No error (0) | webmail0ft0-3ddegcq2fjoyjdafec.web.app | | 199.36.158.100 | A (IP address) | IN (0x0001) | false
                              Aug 28, 2024 15:28:01.375930071 CEST | 1.1.1.1 | 192.168.2.16 | 0xa58e | No error (0) | www.google.com | | 142.250.185.132 | A (IP address) | IN (0x0001) | false
                              Aug 28, 2024 15:28:01.377897024 CEST | 1.1.1.1 | 192.168.2.16 | 0xcb4f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                              • login.live.com
                              • slscr.update.microsoft.com
                              • webmail0ft0-3ddegcq2fjoyjdafec.web.app
                              • https:
                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                              0 | 192.168.2.16 | 49708 | 20.190.160.14 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-28 13:27:51 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                              Connection: Keep-Alive
                              Content-Type: application/soap+xml
                              Accept: */*
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                              Content-Length: 4722
                              Host: login.live.com
                              2024-08-28 13:27:51 UTC | 4722 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                              2024-08-28 13:27:51 UTC | 569 | IN | HTTP/1.1 200 OK
                              Cache-Control: no-store, no-cache
                              Pragma: no-cache
                              Content-Type: application/soap+xml; charset=utf-8
                              Expires: Wed, 28 Aug 2024 13:26:51 GMT
                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                              Referrer-Policy: strict-origin-when-cross-origin
                              x-ms-route-info: C538_BAY
                              x-ms-request-id: 771447de-aa7d-42f7-a771-8c92c76f5cb3
                              PPServer: PPV: 30 H: PH1PEPF00011EDB V: 0
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              X-XSS-Protection: 1; mode=block
                              Date: Wed, 28 Aug 2024 13:27:51 GMT
                              Connection: close
                              Content-Length: 10197
                              2024-08-28 13:27:51 UTC | 10197 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.16 | 49713 | 40.68.123.157 | 443 | |
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-28 13:27:57 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bAppL76uu8gacav&MD=dDOyFLyb HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                              Host: slscr.update.microsoft.com
                              2024-08-28 13:27:57 UTC | 560 | IN | HTTP/1.1 200 OK
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Content-Type: application/octet-stream
                              Expires: -1
                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                              MS-CorrelationId: 14af4219-9f37-439e-a120-62893487c436
                              MS-RequestId: 9cb4d177-8f38-44b9-9fc6-238036c08cf9
                              MS-CV: ePxWGJOlHEKl41xT.0
                              X-Microsoft-SLSClientCache: 2880
                              Content-Disposition: attachment; filename=environment.cab
                              X-Content-Type-Options: nosniff
                              Date: Wed, 28 Aug 2024 13:27:57 GMT
                              Connection: close
                              Content-Length: 24490


                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                              2 | 192.168.2.16 | 49718 | 40.126.32.76 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-28 13:27:57 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                              Connection: Keep-Alive
                              Content-Type: application/soap+xml
                              Accept: */*
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                              Content-Length: 4710
                              Host: login.live.com
                              2024-08-28 13:27:57 UTC | 4710 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                              2024-08-28 13:27:57 UTC | 569 | IN | HTTP/1.1 200 OK
                              Cache-Control: no-store, no-cache
                              Pragma: no-cache
                              Content-Type: application/soap+xml; charset=utf-8
                              Expires: Wed, 28 Aug 2024 13:26:57 GMT
                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                              Referrer-Policy: strict-origin-when-cross-origin
                              x-ms-route-info: C538_BL2
                              x-ms-request-id: beac9821-c318-4672-b8a9-a63965b6bebb
                              PPServer: PPV: 30 H: BL02EPF0001D909 V: 0
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              X-XSS-Protection: 1; mode=block
                              Date: Wed, 28 Aug 2024 13:27:57 GMT
                              Connection: close
                              Content-Length: 10173
                              2024-08-28 13:27:57 UTC | 10173 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.16 | 49719 | 199.36.158.100 | 443 | 1448 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-28 13:27:58 UTC | 681 | OUT | GET / HTTP/1.1
                              Host: webmail0ft0-3ddegcq2fjoyjdafec.web.app
                              Connection: keep-alive
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-08-28 13:27:58 UTC | 493 | IN | HTTP/1.1 404 Not Found
                              Connection: close
                              Content-Length: 21265
                              Cache-Control: max-age=0
                              Content-Type: text/html; charset=utf-8
                              Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Date: Wed, 28 Aug 2024 13:27:58 GMT
                              X-Served-By: cache-ewr-kewr1740030-EWR
                              X-Cache: MISS
                              X-Cache-Hits: 0
                              X-Timer: S1724851678.075061,VS0,VE31
                              Vary: x-fh-requested-host, accept-encoding
                              alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
                              2024-08-28 13:27:58 UTC | 1378 | IN | Data Ascii: <!doctype html><html> <head> <title>Site Not Found</title> <link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'> <meta name="viewport" content="width=device-width, initial-scale=1"> <style>
                              2024-08-28 13:27:58 UTC | 1378 | IN | Data Ascii: background-color: #ECEFF1; border-radius: 3px; font-family: 'Roboto Mono',"Liberation Mono",Courier,monospace; font-size: 14px; line-height: 1; } .logo { display: block; text-align: cente


                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                              4 | 192.168.2.16 | 49722 | 40.126.32.76 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-28 13:27:59 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                              Connection: Keep-Alive
                              Content-Type: application/soap+xml
                              Accept: */*
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                              Content-Length: 4710
                              Host: login.live.com
                              2024-08-28 13:27:59 UTC | 4710 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                              2024-08-28 13:27:59 UTC | 569 | IN | HTTP/1.1 200 OK
                              Cache-Control: no-store, no-cache
                              Pragma: no-cache
                              Content-Type: application/soap+xml; charset=utf-8
                              Expires: Wed, 28 Aug 2024 13:26:59 GMT
                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                              Referrer-Policy: strict-origin-when-cross-origin
                              x-ms-route-info: C538_BL2
                              x-ms-request-id: 4b978d5e-ef1d-473b-9337-1c73448f8f39
                              PPServer: PPV: 30 H: BL02EPF0001D908 V: 0
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              X-XSS-Protection: 1; mode=block
                              Date: Wed, 28 Aug 2024 13:27:59 GMT
                              Connection: close
                              Content-Length: 10173
                              2024-08-28 13:27:59 UTC | 10173 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.16 | 49725 | 199.36.158.100 | 443 | 1448 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-28 13:27:59 UTC | 632 | OUT | GET /favicon.ico HTTP/1.1
                              Host: webmail0ft0-3ddegcq2fjoyjdafec.web.app
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Referer: https://webmail0ft0-3ddegcq2fjoyjdafec.web.app/
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-08-28 13:27:59 UTC | 493 | IN | HTTP/1.1 404 Not Found
                              Connection: close
                              Content-Length: 21265
                              Cache-Control: max-age=0
                              Content-Type: text/html; charset=utf-8
                              Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Date: Wed, 28 Aug 2024 13:27:59 GMT
                              X-Served-By: cache-ewr-kewr1740046-EWR
                              X-Cache: MISS
                              X-Cache-Hits: 0
                              X-Timer: S1724851680.702221,VS0,VE26
                              Vary: x-fh-requested-host, accept-encoding
                              alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
                              2024-08-28 13:27:59 UTC | 1378 | IN | Data Ascii: <!doctype html><html> <head> <title>Site Not Found</title> <link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'> <meta name="viewport" content="width=device-width, initial-scale=1"> <style>
                              2024-08-28 13:27:59 UTC | 1378 | IN | Data Ascii: background-color: #ECEFF1; border-radius: 3px; font-family: 'Roboto Mono',"Liberation Mono",Courier,monospace; font-size: 14px; line-height: 1; } .logo { display: block; text-align: cente


                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                              6 | 192.168.2.16 | 49727 | 40.126.32.76 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-28 13:28:01 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                              Connection: Keep-Alive
                              Content-Type: application/soap+xml
                              Accept: */*
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                              Content-Length: 4710
                              Host: login.live.com
                              2024-08-28 13:28:01 UTC  4710  OUT
                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                              2024-08-28 13:28:02 UTC  569  IN  HTTP/1.1 200 OK
                              Cache-Control: no-store, no-cache
                              Pragma: no-cache
                              Content-Type: application/soap+xml; charset=utf-8
                              Expires: Wed, 28 Aug 2024 13:27:01 GMT
                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                              Referrer-Policy: strict-origin-when-cross-origin
                              x-ms-route-info: C538_BL2
                              x-ms-request-id: 6ec57b2c-1f46-46eb-8013-c5e2d1cb569e
                              PPServer: PPV: 30 H: BL02EPF0001D909 V: 0
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              X-XSS-Protection: 1; mode=block
                              Date: Wed, 28 Aug 2024 13:28:01 GMT
                              Connection: close
                              Content-Length: 10173
                              2024-08-28 13:28:02 UTC  10173  IN
                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                              Session ID  Source IP  Source Port  Destination IP  Destination Port
                              7  192.168.2.16  49730  40.126.32.76  443
                              Timestamp  Bytes transferred  Direction  Data
                              2024-08-28 13:28:03 UTC  422  OUT  POST /RST2.srf HTTP/1.0
                              Connection: Keep-Alive
                              Content-Type: application/soap+xml
                              Accept: */*
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                              Content-Length: 4710
                              Host: login.live.com
                              2024-08-28 13:28:03 UTC  4710  OUT
                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                              2024-08-28 13:28:03 UTC  569  IN  HTTP/1.1 200 OK
                              Cache-Control: no-store, no-cache
                              Pragma: no-cache
                              Content-Type: application/soap+xml; charset=utf-8
                              Expires: Wed, 28 Aug 2024 13:27:03 GMT
                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                              Referrer-Policy: strict-origin-when-cross-origin
                              x-ms-route-info: C538_SN1
                              x-ms-request-id: 97f00230-32d6-4d2f-9df0-ec655c9d1d5c
                              PPServer: PPV: 30 H: SN1PEPF0002F94E V: 0
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              X-XSS-Protection: 1; mode=block
                              Date: Wed, 28 Aug 2024 13:28:03 GMT
                              Connection: close
                              Content-Length: 10173
                              2024-08-28 13:28:03 UTC  10173  IN
                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                              8  192.168.2.16  49733  40.68.123.157  443
                              Timestamp  Bytes transferred  Direction  Data
                              2024-08-28 13:28:34 UTC  306  OUT  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bAppL76uu8gacav&MD=dDOyFLyb HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                              Host: slscr.update.microsoft.com
                              2024-08-28 13:28:35 UTC  560  IN  HTTP/1.1 200 OK
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Content-Type: application/octet-stream
                              Expires: -1
                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                              MS-CorrelationId: 66a2d972-3158-4f11-89f4-17893cf5ccf7
                              MS-RequestId: b60a32a2-2640-4795-a732-a5d418b9d754
                              MS-CV: PXthBhoebUynH/9Q.0
                              X-Microsoft-SLSClientCache: 1440
                              Content-Disposition: attachment; filename=environment.cab
                              X-Content-Type-Options: nosniff
                              Date: Wed, 28 Aug 2024 13:28:34 GMT
                              Connection: close
                              Content-Length: 30005


                              Target ID:0
                              Start time:09:27:45
                              Start date:28/08/2024
                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Password Expiration Notification.msg"
                              Imagebase:0x6a0000
                              File size:34'446'744 bytes
                              MD5 hash:91A5292942864110ED734005B7E005C0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:2
                              Start time:09:27:46
                              Start date:28/08/2024
                              Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "91A55A5E-0045-4C5A-AC4D-9558E075E569" "A9FCC9BB-0589-4C94-9781-4C41417832DE" "3508" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                              Imagebase:0x7ff7c5c90000
                              File size:710'048 bytes
                              MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:12
                              Start time:09:27:55
                              Start date:28/08/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://a.rs6.net/1/pc?ep=3883438d73e72a246foJjq_uXy7qjuphSr8GuJsgK6bkJfYDe6FntbUqbsxiBdzgPxR8Hx2QBLwhWsX_2B-jpMl08ribdVPIr28mdRJYSjtOFjYQymRiHOGfARsYbMGywkIEb_zjA2vsnLNnpUCH0rMUzs1r-HOaIbHYFF7fj1_dujsRYQUh6z8j1U07y8BkYxoKhUvGV5zch8lF&c=#hazmatinfo@faa.gov
                              Imagebase:0x7ff7f9810000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:13
                              Start time:09:27:55
                              Start date:28/08/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1960,i,7616632468202148519,7500754851358041386,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff7f9810000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              No disassembly