Windows Analysis Report
phish_alert_sp2_2.0.0.0 (24).msg

Overview

General Information

Sample name: phish_alert_sp2_2.0.0.0 (24).msg
Analysis ID: 1501293
MD5: 41318cb8845f64f0f3f4b42f80bd6939
SHA1: 5aa958dfe773d27e9bb8abbafe3d5f4599d2b576
SHA256: 9193bd327e00a7abf3128a4835f7e335f4c4881b29644715656f09bccbe3cc14
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6988 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (24).msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6284 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7D06042A-1436-4CEF-A6DA-7CD7CABFF406" "B93DD560-ED82-4F46-9FF3-4B68B5FFF565" "6988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 2924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 3508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1928,i,17132551044684408085,1404673594378875390,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1952,i,14117656116701404992,16842391848183497777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6988, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: unknown, HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.119.249.228:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.119.249.228:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.119.249.228:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.119.249.228:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.119.249.228:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 2.23.209.156:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: Joe Sandbox View, IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown, TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown, TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown, TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=p+h8FZuCuAFLUM6&MD=2BUuAZYy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=517=rIup8WLkEYDpMO2Mv2_t_AdRYgO2lNxacmEAFYQuXxD6uE-dqyT6pURnxvjZfWrvmS9C1q7VZ2M-f_SUIjQ9Zuni_rlLkXd-TF5cclTIF0e62wQ9J3VM5sHpQv_g0HEuVLB_i5rxIGNlpnW1y_G8o2jvRD0vsxN1iH7k32D914s
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=p+h8FZuCuAFLUM6&MD=2BUuAZYy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQj5wNQVSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=517=rIup8WLkEYDpMO2Mv2_t_AdRYgO2lNxacmEAFYQuXxD6uE-dqyT6pURnxvjZfWrvmS9C1q7VZ2M-f_SUIjQ9Zuni_rlLkXd-TF5cclTIF0e62wQ9J3VM5sHpQv_g0HEuVLB_i5rxIGNlpnW1y_G8o2jvRD0vsxN1iH7k32D914s
Source: global traffic, DNS traffic detected: DNS query: drive.google.com
Source: global traffic, DNS traffic detected: DNS query: docs.google.com
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 29 Aug 2024 15:16:43 GMTContent-Type: text/html; charset=utf-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-ttContent-Security-Policy: script-src 'report-sample' 'nonce-W3H32mruDRMy3FZVXAfy1A' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/viewer/Referrer-Policy: strict-origin-when-cross-originX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSESet-Cookie: NID=517=rIup8WLkEYDpMO2Mv2_t_AdRYgO2lNxacmEAFYQuXxD6uE-dqyT6pURnxvjZfWrvmS9C1q7VZ2M-f_SUIjQ9Zuni_rlLkXd-TF5cclTIF0e62wQ9J3VM5sHpQv_g0HEuVLB_i5rxIGNlpnW1y_G8o2jvRD0vsxN1iH7k32D914s; expires=Fri, 28-Feb-2025 15:16:43 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 29 Aug 2024 15:17:04 GMTContent-Type: text/html; charset=utf-8Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-ttContent-Security-Policy: script-src 'report-sample' 'nonce-kWNctq-_1If1mvTZRXMiAw' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/viewer/Referrer-Policy: strict-origin-when-cross-originX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: ~WRS{684F1577-E069-4169-AA79-DA7D06AF3492}.tmp.0.dr, String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: ~WRS{684F1577-E069-4169-AA79-DA7D06AF3492}.tmp.0.dr, String found in binary or memory: https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web
Source: chromecache_129.15.dr, String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_129.15.dr, String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2)
Source: chromecache_129.15.dr, String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2)
Source: chromecache_129.15.dr, String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2)
Source: chromecache_129.15.dr, String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2)
Source: classification engine, Classification label: clean2.winMSG@29/34@10/6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240829T1116090050-6988.etl
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (24).msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7D06042A-1436-4CEF-A6DA-7CD7CABFF406" "B93DD560-ED82-4F46-9FF3-4B68B5FFF565" "6988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1928,i,17132551044684408085,1404673594378875390,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1952,i,14117656116701404992,16842391848183497777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.14.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.14.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.14.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.14.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.14.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.14.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior Graph ID: 1501293
Sample: phish_alert_sp2_2.0.0.0 (24).msg
Startdate: 29/08/2024
Architecture: WINDOWS
Score: 2

OUTLOOK.EXE 68 130
  started: chrome.exe 8
    dnsIp: 192.168.2.16, 138, 443, 49385 unknown unknown
    dnsIp: 239.255.255.250 unknown Reserved
    started: chrome.exe
      dnsIp: www.google.com 142.250.185.68, 443, 49732 GOOGLEUS United States
      dnsIp: docs.google.com 172.217.23.110, 443, 49729 GOOGLEUS United States
      dnsIp: drive.google.com 216.58.206.78, 443, 49722, 49736 GOOGLEUS United States
  started: chrome.exe
    started: chrome.exe
      dnsIp: 142.250.185.228, 443, 49743 GOOGLEUS United States
  started: ai.exe

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://fonts.google.com/license/googlerestricted | 0% | URL Reputation | safe |
https://aka.ms/LearnAboutSenderIdentification | 0% | URL Reputation | safe |
https://docs.google.com/favicon.ico | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
docs.google.com | 172.217.23.110 | true | false | | unknown
drive.google.com | 216.58.206.78 | true | false | | unknown
www.google.com | 142.250.185.68 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://docs.google.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://fonts.google.com/license/googlerestricted | chromecache_129.15.dr | false | URL Reputation: safe | unknown
https://aka.ms/LearnAboutSenderIdentification | ~WRS{684F1577-E069-4169-AA79-DA7D06AF3492}.tmp.0.dr | false | URL Reputation: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.185.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
142.250.185.228 | unknown | United States | | 15169 | GOOGLEUS | false
216.58.206.78 | drive.google.com | United States | | 15169 | GOOGLEUS | false
172.217.23.110 | docs.google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false

IP
192.168.2.16
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1501293
          Start date and time:2024-08-29 17:15:40 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 3m 46s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:21
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:phish_alert_sp2_2.0.0.0 (24).msg
          Detection:CLEAN
          Classification:clean2.winMSG@29/34@10/6
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          Cookbook Comments:
          • Found application associated with file extension: .msg
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.68.129, 2.19.126.160, 2.19.126.151, 88.221.110.91, 52.182.143.211, 142.250.184.227, 142.250.186.142, 74.125.133.84, 34.104.35.123, 142.250.185.106, 142.250.185.195, 216.58.212.163, 142.250.186.67, 142.250.186.99, 64.233.184.84, 142.250.186.78, 142.250.185.67, 23.212.88.34
          • Excluded domains from analysis (whitelisted): omex.cdn.office.net, ssl.gstatic.com, e1324.dscd.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, login.live.com, frc-azsc-000.roaming.officeapps.live.com, a1864.dscd.akamai.net, www.bing.com, ecs.office.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, uci.cdn.office.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, uci.cdn.office.net.edgekey.net, ecs.office.trafficmanager.net, clients.l.google.com, omex.cdn.office.net.akamaized.net, mobile.events.data.trafficmanager.net, onedscolprdcus13.centralus.cloudapp.azure.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.
          • VT rate limit hit for: phish_alert_sp2_2.0.0.0 (24).msg
          No simulations
          InputOutput
          URL: Email Model: jbxai
          {
          "brand":["swissblkim",
          "interblue air & sea co., LTD."],
          "contains_trigger_text":false,
          "prominent_button_name":"unknown",
          "text_input_field_labels":["Rate and availability",
          "Many thanks in advance for your reply and help on this request even if no availability."],
          "pdf_icon_visible":false,
          "has_visible_captcha":false,
          "has_urgent_text":false,
          "has_visible_qrcode":false}
          URL: https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web Model: jbxai
          {
          "brand":["Google Drive"],
          "contains_trigger_text":false,
          "prominent_button_name":"unknown",
          "text_input_field_labels":["unknown"],
          "pdf_icon_visible":false,
          "has_visible_captcha":false,
          "has_urgent_text":false,
          "has_visible_qrcode":false}
          URL: https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web Model: jbxai
          {
          "brand":["Google"],
          "contains_trigger_text":false,
          "prominent_button_name":"unknown",
          "text_input_field_labels":["unknown"],
          "pdf_icon_visible":false,
          "has_visible_captcha":false,
          "has_urgent_text":false,
          "has_visible_qrcode":false}
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):231348
                              Entropy (8bit):4.387786125176233
                              Encrypted:false
                              SSDEEP:1536:5pYLTigscJe2R/M/ZgsQHNcAz79ysQqt2I7kaqoQ/prcm0FvM35ycMRhdPhflNJ7:cWgFZSgBmiGu2GqoQBrt0FvrVT7pKXa
                              MD5:5A6877EDCD9F5BDC0AC6025E9CA0300C
                              SHA1:9614F7AF31B8EB18D33EC3B31501AFD9CFC79AD7
                              SHA-256:1E4D2A19358F16923CD382B1CB5FD74ED421253C5801BF2CC700BA81F28398E9
                              SHA-512:D7171FAF552B590539FC068B08A04BA1321773F2B17B998843B8EEB1ECA1B5825B35F433D6CF74D232CB182E3B8FA7ED00B03D6A4E109E8810ACE32961704784
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with very long lines (65536), with no line terminators
                              Category:dropped
                              Size (bytes):322260
                              Entropy (8bit):4.000299760592446
                              Encrypted:false
                              SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                              MD5:CC90D669144261B198DEAD45AA266572
                              SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                              SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                              SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                              Malicious:false
                              Reputation:high, very likely benign file
                              Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):10
                              Entropy (8bit):2.4464393446710155
                              Encrypted:false
                              SSDEEP:3:LBc33:tU3
                              MD5:2BB37F77943E80494F6C8CFF5E322C0F
                              SHA1:19C08E71738FE5C84A0548B0A2DD93931EC608F1
                              SHA-256:A4AD22E5545C2ABBBD28089C6766EAE86585581CEE1EA28CDEE49C75918561CC
                              SHA-512:A096BFDD1E2AF25A6285C8A527478E475159D243C9748F31EAC9A2024FB7BA5E8AB4C0649AF7503CF62400E32FB6CF6C2C7A33E1FA3281B412EB06249495F818
                              Malicious:false
                              Reputation:low
                              Preview:1724944572
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                              Category:dropped
                              Size (bytes):4096
                              Entropy (8bit):0.09304735440217722
                              Encrypted:false
                              SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
                              MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                              SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                              SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                              SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview:SQLite format 3......@ ..........................................................................K.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):4616
                              Entropy (8bit):0.1384465837476566
                              Encrypted:false
                              SSDEEP:3:7FEG2l+rSrl/FllkpMRgSWbNFl/sl+ltlslN04l9XllX:7+/lLjg9bNFlEs1E39f
                              MD5:F3A685B9457ABE610EA3E0B9C9193ACD
                              SHA1:033647083C82CD1D4FBB5D5409DFD0339AA66CE7
                              SHA-256:5AC04FA0D76A2EECEC04F07742BA12712AB36E7E63470F02FE679CEE33183475
                              SHA-512:D087C80F8DF0FEE77784826BBA9589D45BFBA7970B2C64F3799FF467739002C388A7907595D0FA713CD0B37DFBCB42598FA33B3258CF086F5368A89DE445CA9D
                              Malicious:false
                              Preview:.... .c.....N7......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):32768
                              Entropy (8bit):0.04422245817170857
                              Encrypted:false
                              SSDEEP:6:G4l2Wr/gRIl4l2Wr/g7SL9XXPH4l942U:l2agelo2ag7S5A0
                              MD5:2752C000EF901F19B469F222CD08EB9F
                              SHA1:59C97CBCB2AC275F77A1E1C699D94A51EE7B4D61
                              SHA-256:375EF0BD53263413CF2C184DCEE77F528A66A2CF4DEA52D65DBAC405C65127ED
                              SHA-512:14C0DEEBC657E8A9AAF086635DCC4ADE3DA16C22D019FB09420375EB39796A584CE9074821CEE6AEEBB97BF364B936EB62C196FDF0A4659431A3859F370ACA87
                              Malicious:false
                              Preview:..-.....................~.#...]?X.y....E..6..8C...-.....................~.#...]?X.y....E..6..8C.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:SQLite Write-Ahead Log, version 3007000
                              Category:modified
                              Size (bytes):45352
                              Entropy (8bit):0.39301824469222185
                              Encrypted:false
                              SSDEEP:24:Ks7QFQMIzRD2Ksill7DBtDi4kZERDDt/OyRxqt8VtbDBtDi4kZERDudN:F7iQjZsill7DYMVxO8VFDYMkN
                              MD5:10E333B227C8877FA6C166CA4AB129A8
                              SHA1:A91299C2EE2F7FB31F29CBF0BD18C0FCD2DFAF2D
                              SHA-256:02EE2DAE22036BF2C1E315EC36448FF95A1A842988423DA3BD64EEECE37C7DB7
                              SHA-512:9EFA88BAC74D6C291B0BC510F4B13F1931F30DB5DE933D9D835D4FA3A6E98AF084212F8C5B585C52058889A33A5354F7406D41DD201DF3B1B45751B1A39FE73D
                              Malicious:false
                              Preview:7....-..........X.y....E.a.k............X.y....E..p}.1.wSQLite format 3......@ ..........................................................................K.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:GIF image data, version 89a, 16 x 16
                              Category:dropped
                              Size (bytes):273
                              Entropy (8bit):6.722302809246912
                              Encrypted:false
                              SSDEEP:6:NaPa9gRkJrZMVpbx9Np933fpEOJfAua4xNza2QArrVQ9pV:UaCRkJkx9NfhEO1A9SeRArCpV
                              MD5:1F02EA1AA1DC978D41517B1A52EA4B78
                              SHA1:764D1EB5AE76CFD8A4561F96383288CCC5333166
                              SHA-256:1B5EFC9016D5943E121982EAFEAFA4AF966BCBCDF077D9A64A570942332122CD
                              SHA-512:19A9A4B79FE0631C4FC9F7932AD1BEEB991B319B31BBFB5602B8575F02000C6B470329C8DC16AB3A3E7F289E1B58C1B474DA85B55B8416677376FDA770FB5F32
                              Malicious:false
                              Preview:GIF89a.......4L.8l 4b.k.eU.EH.8..F.,;w....=}#d.]3Y.^.V.........s.o.........o.l...\.U2l......................!.......,............'jdi..y..Z'..r.Dq(....p(.2.... l.....z8...08D....z.\...".....k.........t..........pr.D..../e.DD.d~........}r(+p}V~...e...U2#.I...HH!.;...
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:PNG image data, 387 x 473, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):85523
                              Entropy (8bit):7.988439845601528
                              Encrypted:false
                              SSDEEP:1536:zEk7wnzhLzKb6FwaOY0cTs6SAYv+wZmWibfRhG4ORRIwtf2OyvnT9MrKMXkjpKLJ:zEKwnNLzKb6iVLcTy+wEdbJE4ORRBYOT
                              MD5:0AC1C44F1B0E74290732794D60B40520
                              SHA1:F038B4A29EE398359D9E976F4378322C2BD91740
                              SHA-256:8EB1070CB3703DE61BD1CAAAF638E6410E1F827ED56907212E8F885210875327
                              SHA-512:3E98C118289656034881DE1797FCBD3B251382B85CF44B82E4A2ABFE161EA85C68280D3C718AA7D048694C8B25B31F26D648141E835D84328BF2F86BBC21BC6F
                              Malicious:false
                              Preview:.PNG........IHDR.............dqW.....sRGB.........gAMA......a.....pHYs...t...t..f.x....IDATx^..`U...8.=...[.:.U[....{..d).D...nAE....w..I.!.L2..{.........K...~.=.q.y.~....^...EQ._<j...(....(..f.(......54...>..]..W....:.p..\QZY..^.s(.'....9.{ ......s..v......y....8.~>&%..w....>..yg0}%.2X'.P.E.9..E....G..:.t..S..r..@c0p.......8...J.7.J..2..t..c/.yY...<g...4...M..(?u.4..<.*.+.f.|v.6.2.EA;1.s...gZ.s.g].[.[.l..U..4.w........43EQ......`a...g...........3=.1.:..>......2.OW....../30..;.O~.f`.b>Wtf.<.<&.....U.Wz....y{..F..}5..U.&N.@Q...]...h.....P8M9...+3.9.:`9...<.....]3...(.Wt..."i......j.!8..3...9.L.........e...8....}.,..(.O.n.....LCx.....i..g.Z...#...y....Lon....4..c..L.u...`..sU.i....E.9b...n.=t..pw'.......:.SX7.J....{.<O.f....X.F.Mz>C0...8.....v.s.^.(..s.k+.EQ.....(..f.(....(..(....(..f.(....(..(....(..f.(....(..(....(..f.(....(..(....(..f.(....(..(....(....Ih.p...x..E.i...+..#...N...Cs-.Z/..V+..m...o..Y.......q{....3...#...o...mV.e..RB.D.H..%..q..M.
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):2796
                              Entropy (8bit):3.2562565347508405
                              Encrypted:false
                              SSDEEP:48:9+b7L2V2SwWMqlDSkV8XnVX/lXe0FaaNZpkDFwn8YlFiQLKLSAD7:HV2SwWfVGG+9L7q7
                              MD5:C7181F8339F672601BB9455C4DF854B8
                              SHA1:4183F0C615C5D3EFCC276AAA0DF4ED1C72A081A3
                              SHA-256:3C7F7BDCE47FB2B9C6CA69B452C0E56AE2F9E45E4B8A4FE559381BA69A177A4D
                              SHA-512:F583A14129F9E1EF50706609493030721CFCFE0B2005F65D5AA59423ADDD9BBB5BACBF6E0325258D056348CA4ED251AD0DA6F0263AD8FEBD36A79E8A946C9DA3
                              Malicious:false
                              Preview:......S.o.m.e. .p.e.o.p.l.e. .w.h.o. .r.e.c.e.i.v.e.d. .t.h.i.s. .m.e.s.s.a.g.e. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .s.w.i.s.s.b.l.k.i.m.@.i.n.t.e.r.-.a.i.r.s.e.a...c.o...k.r... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n."..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................-D..M...........*...$..$.If........!v..h.#v....:V.......t.....6......5.......4
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with very long lines (28741), with CRLF line terminators
                              Category:dropped
                              Size (bytes):20971520
                              Entropy (8bit):0.17743024740013083
                              Encrypted:false
                              SSDEEP:1536:Ga0/ObkfWqTYwI9OoB3xwNdL5lwBdQnUjS5OstCKkQ81lB/60MLua1ViB:vbqvdI9J67lcC/iB
                              MD5:0F459259F725CA42A0A73A646585E83A
                              SHA1:D48D289A11F20A31C5716FFEB8F8E8AD40C29E9F
                              SHA-256:FBCF07BFFDA3EC3169871BCB4A47547E729112C79EAE1D82D33140E187348901
                              SHA-512:98C928EC05BE0EA36E3FBEFCFBE0F18A5846EACD2C250F9B93BC4F2A36CFCB804D12FB123BD890A69FF76BB8B2EA7D1CAC0C993E0F39E60D960A4C9C3BC9FBC8
                              Malicious:false
                              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..08/29/2024 15:16:09.306.OUTLOOK (0x1B4C).0x1B50.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-08-29T15:16:09.306Z","Contract":"Office.System.Activity","Activity.CV":"HAVNbWRgY0WOmzZX+ayySw.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...08/29/2024 15:16:09.322.OUTLOOK (0x1B4C).0x1B50.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-08-29T15:16:09.322Z","Contract":"Office.System.Activity","Activity.CV":"HAVNbWRgY0WOmzZX+ayySw.4.12","Activity.Duration":11502,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):20971520
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3::
                              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                              Malicious:false
                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):90112
                              Entropy (8bit):4.451044527147944
                              Encrypted:false
                              SSDEEP:1536:UV64lWp9ElpBfmbSlR6s0RSP/u+y5olcEfd4XcXiktq:UV64lMO5los0RSP/u+y5olcEfd4XcXdq
                              MD5:9360D3D98C9BF6442B28B46BC19A10D2
                              SHA1:76DFB39C8F18F50353999F1FFFBC2FEDAA5A495A
                              SHA-256:E052A0E64167D75317180076631FC4BAE0D58B287E947BEB4A66EA04154CA9EC
                              SHA-512:E5D3E6FDEFA1CAD2F62698643CF026306F33658FB809FFE1DB5562595AEAC1D5AD96A2E69B0B7F12C85F84563EDB3B2DECC609EDAF5F40D3B1D2090FDA2453E8
                              Malicious:false
                              Preview:............................................................................`...P...L.....2`&...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1.............................................................)..Y............2`&...........v.2._.O.U.T.L.O.O.K.:.1.b.4.c.:.d.d.5.e.7.b.c.0.3.c.1.e.4.c.3.e.8.c.c.a.5.f.2.9.b.e.d.c.2.1.5.f...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.2.9.T.1.1.1.6.0.9.0.0.5.0.-.6.9.8.8...e.t.l.......P.P.P...L...!l5`&...........................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):163840
                              Entropy (8bit):0.32866108840431163
                              Encrypted:false
                              SSDEEP:192:73nfXpgJKMtFaN7TcGeO2Xx8yNgz0XHWQOAIAbAFAqwNh/:Fg0XMO2KFz0XHOAIMu
                              MD5:E21F3B2E281ACB37385121622C5AE722
                              SHA1:D0AA90D3C2DC2C1D90FDC212070CA37D7B6DF447
                              SHA-256:ED18E565C72C7C8B045BA89C78B2E6BBBE8D084B237838E50B6966A9E2E7D062
                              SHA-512:E3EC246E256F550BA2D918A2D4FF7BF45CE9D29A4290B831B8B7DBC9FA17860C22FA5B5463F7B309D9810F1360A475E24EF3C9E8406056CC0DB2E5F80801A7DE
                              Malicious:false
                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):30
                              Entropy (8bit):1.2389205950315936
                              Encrypted:false
                              SSDEEP:3:DIj:E
                              MD5:1053C032F0AD7B1C6B84C49B7098BEF9
                              SHA1:AB4813331883CE557239661EE236D63A4D5110EC
                              SHA-256:77E940142C47790807734EE5D4105B8DB982E9DF58C920FACCCD4392627D6E6D
                              SHA-512:C7EE55146F7D38E7356CD842ACA2502622F1958F0F23085268CAB73B9E9326C6874B452F7CFD4023C9F5BAA087DC8FD4C3D0E8B3A168EB7EE99FE7D6D568B5AD
                              Malicious:false
                              Preview:..............................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:Composite Document File V2 Document, Cannot read section info
                              Category:dropped
                              Size (bytes):16384
                              Entropy (8bit):0.6698344026591243
                              Encrypted:false
                              SSDEEP:12:rl3baFpsqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCuV:rsmnq1Py961uV
                              MD5:664056762C7AD08DB973FAC424EA579C
                              SHA1:7AD7D61D23F6EE055C95360156F94B92E75E11DE
                              SHA-256:439C85C220E6EF5F2C32CB50C426EDE63C344A4FD7D3A663853A1BF0E14D7A07
                              SHA-512:FBA3F9E8E79D6FF04C21699C9FDD6392FB6A90DB7472ADB76C6B214C1585F61BEA9C84192AD908CCA3BE3C6A9C5327F43E66D901310B24CEA15C1953381A317B
                              Malicious:false
                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 14:16:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2673
                              Entropy (8bit):3.9897309196651927
                              Encrypted:false
                              SSDEEP:48:8Ld0T4ULHEidAKZdA1FehwiZUklqehzxy+3:8eHu2xy
                              MD5:073F8FB25958345968EDFFEE9E37D03C
                              SHA1:4430BE571CCA08A0CA5C84E5A3A8B325EB383DD9
                              SHA-256:D166AE797AAE15E7E9E7395DC859B7C35562A55EDC2C40D9FB21F34F744C98D1
                              SHA-512:46024ADF2BDF117F08D1A161875FAA0E1AB62C0B7610D41AD47832E6711183607E8D80E23C3355FB68F86D99F2BF7ECD46E38A0DD6220F85B8606F9F4531E840
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,......t&...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 14:16:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2675
                              Entropy (8bit):4.004655075922839
                              Encrypted:false
                              SSDEEP:48:84Fd0T4ULHEidAKZdA1seh/iZUkAQkqehmxy+2:8pHI9Qhxy
                              MD5:C075D13E34B6A6FF268F737A92A3EF6C
                              SHA1:CA87DB659D91DE66786DD54FC4E7F0BE0CAF7E82
                              SHA-256:387663A4F79FE4C735435118516B3E880A3C6151198CA40F2667906B412C8BB4
                              SHA-512:7159D82E63271711AD691E31E636F499A0342B6EE1946E6823C2FCF263610BB0AE38EEE287345F2EEE3DABE9C40379C78C0DD882A1768F3BA31A552661EAF5C1
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,....C.t&...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2689
                              Entropy (8bit):4.013458976407763
                              Encrypted:false
                              SSDEEP:48:8ed0T4UAHEidAKZdA14meh7sFiZUkmgqeh7sExy+BX:8xHdnKxy
                              MD5:520C534B4AAFFB687739596DB4B91844
                              SHA1:E20AFAED63411786E80E29BDA622A0AFD6A73A1E
                              SHA-256:359D53133D048D14946DEB3F6DCBE2F2C99866DF00ADCD7C7556A40F5406CE6E
                              SHA-512:EDB4579D8242C0428DC2B4F5964A127682C2C36334904AF99DDE72DFDB9D39949320CFE867345C7BA071126975D51A8A5742697578636CD8C9B1D958D94D0A52
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 14:16:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):4.0039403532622755
                              Encrypted:false
                              SSDEEP:48:8od0T4ULHEidAKZdA1TehDiZUkwqehixy+R:8/Hj8xy
                              MD5:7261FE0CCA2A19CE3D891B88D383FD46
                              SHA1:F13C93AA37EE1DA5359D03BE9ABD403B2C790D31
                              SHA-256:7DD5784E8CEEB9652E579E5FBD4555AC0D4B538685C84189FBDB5C63594909C1
                              SHA-512:3EA7ED3997592EA91735430D255FCB58A707FC7F285D278FF9393ED4CE95A681359E16A4AE9D8E62780EBC5E17A30AC591BF18DBDC4302B246EF39BC8ADC7D4A
                              Malicious:false
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 14:16:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.993472614323987
                              Encrypted:false
                              SSDEEP:48:8XQd0T4ULHEidAKZdA1dehBiZUk1W1qehYxy+C:8XHT94xy
                              MD5:798DBC9E132EC6DE8D8298CC97E1B052
                              SHA1:7834C7836B0BD42920293E8BAEE6929CBC2DA68A
                              SHA-256:09DBFFE70BD52B9BAB1B67834C48D620DFA6F834656B0CE3456F01C3B87A9A9E
                              SHA-512:C1CEA26A88836EADE7C536A3690823011EB90869508E37D5A1462DA33480365961ABD252C73313AAAEE7AFBE82570F216F1EEB98DA27F5BCFFB1AF486E471E26
                              Malicious:false
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 14:16:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2679
                              Entropy (8bit):4.003064240400507
                              Encrypted:false
                              SSDEEP:48:8Ud0T4ULHEidAKZdA1duTeehOuTbbiZUk5OjqehOuTbKxy+yT+:87H3TfTbxWOvTbKxy7T
                              MD5:0CBE04D2700E604CD726F5459860E3A4
                              SHA1:1607817D709C74444E7BF5193AEE678D9C350D4A
                              SHA-256:56E0C4AFC71C7E04C8D796A578269DCDB4B7E567A483EB895D563A01F1A7DCED
                              SHA-512:F61D0203B41EA330C4BF83FA7E1389B1AEB4E09D576B8CC00EDDADD6FA7F05970DF9D44BDCE06D4837CA98D8B3552C82520D58FB8333D8F9756CCCE8AE199751
                              Malicious:false
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:Microsoft Outlook email folder (>=2003)
                              Category:dropped
                              Size (bytes):271360
                              Entropy (8bit):1.3138020936047539
                              Encrypted:false
                              SSDEEP:768:ZQcVX0sRzL5H0e0kFg8B35+FfibaapdGZ1YRDqHBDTIQ:H0sduhAPpb/k1YReh4Q
                              MD5:C3CBB1FE2E9CE502644DE37869F5C71E
                              SHA1:9FD2C368046EAD22D64C14168D02559A017518DB
                              SHA-256:B10F71720F8DF75FBFE7AFE03751DBDFFBD6C6F9BA50345EB90133BAD8D9596B
                              SHA-512:B17A850B9585F40E84B0C83B88BAA1D81C376FF5331F5975ADCD207FE304AAA450A970BF8549553EC8FA33BF6D91273303A1CCCAEA059EA2116753B95353402F
                              Malicious:false
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):131072
                              Entropy (8bit):1.482599775955421
                              Encrypted:false
                              SSDEEP:384:zYVpS4MRWMtD5TyoGNWFNTl7usn5Cc0PIenbEG0yv8mjTIGd5u11gy883FW1ZrIL:om5vG0dnMXdbHBDTIQs6y883FsC
                              MD5:BB8757B10CF412254C903B7CB421E039
                              SHA1:73653CFB9534AFB9AB33E381FDD3E00704FBBCBF
                              SHA-256:D7BEE64D7C7F615FE60EDF60A5C05A8C2E6A305F712DD5AEA937FE2D28884876
                              SHA-512:4B83D33EC0F3A7851FF0D91C2F261528138D243EEFB0085A2CDBE7CD9858C8539F662E1325EC8DF8C34621DE2F228F0E395B301DC034EBFD7536E8C4D4D1BF76
                              Malicious:false
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text
                              Category:downloaded
                              Size (bytes):1420
                              Entropy (8bit):5.437116384142019
                              Encrypted:false
                              SSDEEP:24:G9vCD7OYs/dPrWq/bF/RRD7OYs/dPrPfuO4D7OYs/dPrcMRVc+u/rD7OYs/dPrrN:GUOL1jWqjFZVOL1jx+OL1jdRVc+u7OLv
                              MD5:B939B48641DD382769F5A921A51354D1
                              SHA1:3E649193F051D481FCA5EB499FCB451ED6DB14C2
                              SHA-256:87DE156E2BD6004CC029BDEC39839C051DC935899C041DD6CA96E98C2585C402
                              SHA-512:9230358837E8D98E2B584704D53AD00FF6F2AD03A59D02479D6D064906D87A3CD21A823DBCDBEE156359675D0A0AF018FD927A32BD4118D2864CC385EF2F28FC
                              Malicious:false
                              URL:https://fonts.googleapis.com/css?family=Product+Sans
                              Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */./* cyrillic */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2) format('woff2');. unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF;.}./* latin-ext */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F,
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 116 x 41, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):2408
                              Entropy (8bit):7.8989590488026415
                              Encrypted:false
                              SSDEEP:48:adcls8jg/0B2EeZDjqtstuXgBsC4Z/zOCN4cfuptv0M+kXggLyr:hlsEVeZiW8XE4Z/zO3cf47+Igxr
                              MD5:A62A4E4A142FBC4A6583B50C154AA1BD
                              SHA1:105DAF8E2CCDD2AD5C18D507CDAE5926FBA0E764
                              SHA-256:A9CEF4D58336842DC12848055C5E8D17A02B2FEF3EEC87E5AD171DC699D49D23
                              SHA-512:A3B84323F28035829E5F16AA84D1314BE328037D97BCB91AF2DCF17EA65F580CD17C0135DDDD627320C8D04F0A3F12E5C952C4FA8A6AD7F1876F1803A7996B4F
                              Malicious:false
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                              Category:downloaded
                              Size (bytes):831
                              Entropy (8bit):7.690596689293278
                              Encrypted:false
                              SSDEEP:24:ars5HGJLO4eG5bQxWGUpbIW779bHBoLU489YmBZo:arssA4L6hvaZ7wv8mmI
                              MD5:916C9BCCCF19525AD9D3CD1514008746
                              SHA1:9CCCE6978D2417927B5150FFAAC22F907FF27B6E
                              SHA-256:358E814139D3ED8469B36935A071BE6696CCAD7DD9BDBFDB80C052B068AE2A50
                              SHA-512:B73C1A81997ABE12DBA4AE1FA38F070079448C3798E7161C9262CCBA6EE6A91E8A243F0E4888C8AEF33CE1CF83818FC44C85AE454A522A079D08121CD8628D00
                              Malicious:false
                              URL:https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):831
                              Entropy (8bit):7.690596689293278
                              Encrypted:false
                              SSDEEP:24:ars5HGJLO4eG5bQxWGUpbIW779bHBoLU489YmBZo:arssA4L6hvaZ7wv8mmI
                              MD5:916C9BCCCF19525AD9D3CD1514008746
                              SHA1:9CCCE6978D2417927B5150FFAAC22F907FF27B6E
                              SHA-256:358E814139D3ED8469B36935A071BE6696CCAD7DD9BDBFDB80C052B068AE2A50
                              SHA-512:B73C1A81997ABE12DBA4AE1FA38F070079448C3798E7161C9262CCBA6EE6A91E8A243F0E4888C8AEF33CE1CF83818FC44C85AE454A522A079D08121CD8628D00
                              Malicious:false
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 116 x 41, 8-bit/color RGBA, non-interlaced
                              Category:downloaded
                              Size (bytes):2408
                              Entropy (8bit):7.8989590488026415
                              Encrypted:false
                              SSDEEP:48:adcls8jg/0B2EeZDjqtstuXgBsC4Z/zOCN4cfuptv0M+kXggLyr:hlsEVeZiW8XE4Z/zO3cf47+Igxr
                              MD5:A62A4E4A142FBC4A6583B50C154AA1BD
                              SHA1:105DAF8E2CCDD2AD5C18D507CDAE5926FBA0E764
                              SHA-256:A9CEF4D58336842DC12848055C5E8D17A02B2FEF3EEC87E5AD171DC699D49D23
                              SHA-512:A3B84323F28035829E5F16AA84D1314BE328037D97BCB91AF2DCF17EA65F580CD17C0135DDDD627320C8D04F0A3F12E5C952C4FA8A6AD7F1876F1803A7996B4F
                              Malicious:false
                              URL:https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Web Open Font Format (Version 2), TrueType, length 35060, version 1.0
                              Category:downloaded
                              Size (bytes):35060
                              Entropy (8bit):7.9934247518702914
                              Encrypted:true
                              SSDEEP:768:VWgzOJq8VMlI+d620JaSUhkJN1tLmkLqnEsKeeBClx7styedpa12:dSJBVMlfd6VJaSUCv1RmkavKetUXnZ
                              MD5:0360DBC6E8C09DCE9183A1FD78F3BE2E
                              SHA1:6CD4B65A94707AE941D78B12F082C968CB05EC92
                              SHA-256:2DB6BC36808D43FA89029C652636E206FA3E889B35ECF71814AB85F8BA944AF3
                              SHA-512:93C9F1856142DA0709F807CA3E5836065E61BC8160F9281FEC9244F31ED8AE8DF500CD5C64048AC59B4DBC36EBD18BA8E7FBCEEF58134DD76441079FAE147AB9
                              Malicious:false
                              URL:https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
                              File type:CDFV2 Microsoft Outlook Message
                              Entropy (8bit):6.8186870865424485
                              TrID:
                              • Outlook Message (71009/1) 58.92%
                              • Outlook Form Template (41509/1) 34.44%
                              • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                              File name:phish_alert_sp2_2.0.0.0 (24).msg
                              File size:155'648 bytes
                              MD5:41318cb8845f64f0f3f4b42f80bd6939
                              SHA1:5aa958dfe773d27e9bb8abbafe3d5f4599d2b576
                              SHA256:9193bd327e00a7abf3128a4835f7e335f4c4881b29644715656f09bccbe3cc14
                              SHA512:3ff605676bd29bcacbfadb9b8c0eccf3568b3d4b8f5adf3489dadf1645505f969312fd1096a354912a1ea422dbc558d5a7e320e4038eed88b571d6effbe62f41
                              SSDEEP:3072:HEKwnNLzKb6iVLcTy+wEdbJE4ORRBYOu6rKuk0bJbArAxpk6:HERwvsecJE4ORR+OTkAJb2Ax66
                              TLSH:D2E35A07A6E11501F57B9E3159E763763E39BCE39E224D3920C2371D17B8C92D8E1B2A
                              Subject:(EXT): Cargo Charter Request // Aircraft Engine on Stand (CFM56-7B24) / 1st week of September, 2024
                              From:BL Kim <swissblkim@inter-airsea.co.kr>
                              To:undisclosed-recipients:;
                              Cc:
                              BCC:
                              Date:Wed, 28 Aug 2024 19:52:40 +0200
                              Communications:
                                Attachments:
                                • 1f02ea1a.gif
                                • 0ac1c44f.png
                                Key Value
                                Received:from [::1] (port=36112 helo=wghp7.wghservers.com)
                                17:53:03 +0000
                                by DU0P192MB2124.EURP192.PROD.OUTLOOK.COM (2603:10a6:10:47f::11) with
                                2024 17:53:00 +0000
                                (2603:10a6:102:377::16) with Microsoft SMTP Server (version=TLS1_2,
                                Transport; Wed, 28 Aug 2024 17:53:00 +0000
                                Authentication-Results:spf=softfail (sender IP is 23.83.218.254)
                                Received-SPF:SoftFail (protection.outlook.com: domain of transitioning
                                via Frontend Transport; Wed, 28 Aug 2024 17:52:59 +0000
                                Authentication-Results-Original:voltalia-com-1.fortimailcloud.com;
                                spf=softfail (fortimailcloud.com: domain of swissblkim@inter-airsea.co.kr
                                Wed, 28 Aug 2024 18:52:42 +0100
                                X-Sender-Id:whogohost|x-authuser|tas43@championscloud.app
                                Wed, 28 Aug 2024 17:52:54 +0000
                                (Authenticated sender: whogohost)
                                ARC-Seal:i=1; s=arc-2022; d=mailchannels.net; t=1724867574; a=rsa-sha256;
                                ARC-Message-Signature:i=1; a=rsa-sha256; c=relaxed/relaxed;
                                h=from:from:reply-to:reply-to:subject:subject:date:date:
                                message-id:message-id:to:to:cc:mime-version:mime-version:
                                content-type:content-type; bh=LA49ymFHhO8qwBD4hHVRsCvFFLv4MFJx8yJwQSurqvs=;
                                ARC-Authentication-Results:i=1;
                                X-MC-Relay:Neutral
                                X-MailChannels-SenderId:whogohost|x-authuser|tas43@championscloud.app
                                X-MailChannels-Auth-Id:whogohost
                                X-Blushing-Bitter:008e81485ba3fcd2_1724867574583_2850356892
                                X-MC-Loop-Signature:1724867574583:2514056870
                                X-MC-Ingress-Time:1724867574583
                                MIME-Version:1.0
                                Date:Wed, 28 Aug 2024 18:52:40 +0100
                                From:BL Kim <swissblkim@inter-airsea.co.kr>
                                To:undisclosed-recipients:;
                                Subject:=?utf-8?B?KEVYVCk6IENhcmdvIENoYXJ0ZXIgUmVxdWVzdCAvLyBBaXJjcmFmdCBFbmdp?=
                                Reply-To:BL Kim <inter-airsea.co.kr@asia.com>
                                Mail-Reply-To:BL Kim <inter-airsea.co.kr@asia.com>
                                User-Agent:Roundcube Webmail/1.6.8
                                Message-ID:<e2a4787690451f68fb2b78866c1554c5@inter-airsea.co.kr>
                                X-Sender:swissblkim@inter-airsea.co.kr
                                X-Priority:1 (Highest)
                                Content-Type:multipart/alternative;
                                X-AuthUser:tas43@championscloud.app
                                X-FE-Attachment-Name:0ac1c44f.png, 1f02ea1a.gif
                                X-FEAS-Client-IP:23.83.218.254
                                X-FE-Last-Public-Client-IP:23.83.218.254
                                X-FE-Envelope-From:swissblkim@inter-airsea.co.kr
                                X-FE-Policy-ID:7:1:1:voltalia.com
                                Return-Path:swissblkim@inter-airsea.co.kr
                                X-MS-Exchange-Organization-ExpirationStartTime:28 Aug 2024 17:52:59.8341
                                X-MS-Exchange-Organization-ExpirationStartTimeReason:OriginalSubmit
                                X-MS-Exchange-Organization-ExpirationInterval:1:00:00:00.0000000
                                X-MS-Exchange-Organization-ExpirationIntervalReason:OriginalSubmit
                                X-MS-Exchange-Organization-Network-Message-Id:95da119a-8313-4b4e-d779-08dcc78a4183
                                X-EOPAttributedMessage:0
                                X-MS-Exchange-Organization-MessageDirectionality:Originating
                                X-MS-Exchange-SkipListedInternetSender:ip=[23.83.218.254];domain=toucan.tulip.relay.mailchannels.net
                                X-MS-Exchange-ExternalOriginalInternetSender:ip=[23.83.218.254];domain=toucan.tulip.relay.mailchannels.net
                                X-MS-PublicTrafficType:Email
                                X-MS-TrafficTypeDiagnostic:PA1PEPF000CC3FB:EE_|DU0P192MB2124:EE_|AS4P192MB1912:EE_
                                X-MS-Exchange-Organization-AuthSource:PA1PEPF000CC3FB.FRAP264.PROD.OUTLOOK.COM
                                X-MS-Exchange-Organization-AuthAs:Anonymous
                                X-OriginatorOrg:voltalia.com
                                X-MS-Office365-Filtering-Correlation-Id:95da119a-8313-4b4e-d779-08dcc78a4183
                                X-MS-Exchange-Organization-SCL:1
                                X-Microsoft-Antispam:BCL:0;ARA:13230040|5073199012|4073199012|5063199012|22003199012|29132699027|12012899012|3072899012|2092899012|82310400026|43540500003;
                                X-Forefront-Antispam-Report:CIP:154.52.13.110;CTRY:CA;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:toucan.tulip.relay.mailchannels.net;PTR:toucan.tulip.relay.mailchannels.net;CAT:NONE;SFTY:9.25;SFS:(13230040)(5073199012)(4073199012)(5063199012)(22003199012)(29132699027)(12012899012)(3072899012)(2092899012)(82310400026)(43540500003);DIR:INB;SFTY:9.25;
                                X-MS-Exchange-CrossTenant-OriginalArrivalTime:28 Aug 2024 17:52:59.8341
                                X-MS-Exchange-CrossTenant-Network-Message-Id:95da119a-8313-4b4e-d779-08dcc78a4183
                                X-MS-Exchange-CrossTenant-Id:09bd70d8-f5ec-49d0-bd32-19f9e607c56d
                                X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:TenantId=09bd70d8-f5ec-49d0-bd32-19f9e607c56d;Ip=[154.52.13.110];Helo=[voltalia-com-1.fortimailcloud.com]
                                X-MS-Exchange-CrossTenant-AuthSource:PA1PEPF000CC3FB.FRAP264.PROD.OUTLOOK.COM
                                X-MS-Exchange-CrossTenant-AuthAs:Anonymous
                                X-MS-Exchange-CrossTenant-FromEntityHeader:HybridOnPrem
                                X-MS-Exchange-Transport-CrossTenantHeadersStamped:DU0P192MB2124
                                X-MS-Exchange-Transport-EndToEndLatency:00:00:03.9364084
                                X-MS-Exchange-Processed-By-BccFoldering:15.20.7897.019
                                X-Microsoft-Antispam-Mailbox-Delivery:ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                X-Microsoft-Antispam-Message-Info:=?us-ascii?Q?nCqBtmiZ6eH4YrFwKzoKMxCjhCbFrnonbfaboAg4+gXLdFPQMOV7AJOsqC8G?=
                                date:Wed, 28 Aug 2024 19:52:40 +0200

                                Icon Hash:c4e1928eacb280a2
                                Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                Aug 29, 2024 17:16:17.354522943 CEST49700443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:17.354549885 CEST49700443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:17.355262041 CEST49700443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:17.355278969 CEST4434970020.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:17.355304956 CEST49700443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:17.355309963 CEST4434970020.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:17.482753992 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:17.482805014 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:17.482892036 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:17.483127117 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:17.483139992 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.286267042 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.286411047 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.294816971 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.294826031 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.295080900 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.295562029 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.295588970 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.295624971 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.735451937 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.735471010 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.735522985 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.735635996 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.735660076 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.735672951 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.735688925 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.735712051 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.736092091 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.736107111 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.736114979 CEST49703443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.736119032 CEST4434970320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.781044960 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.781085968 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:18.781227112 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.781390905 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:18.781404972 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:19.625258923 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:19.626215935 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:19.626249075 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:19.627134085 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:19.627137899 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:19.627216101 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:19.627221107 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.041369915 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.041414976 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.041512012 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.042989016 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.043003082 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.387176991 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.387197971 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.387237072 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.387283087 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:20.387310982 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.387327909 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.387331963 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:20.387376070 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:20.387777090 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:20.387789965 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.387816906 CEST49705443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:20.387821913 CEST4434970520.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.450782061 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:20.450818062 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.450884104 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:20.451139927 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:20.451148987 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:20.505587101 CEST49678443192.168.2.1620.189.173.10
                                Aug 29, 2024 17:16:20.715611935 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.715692997 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.719146013 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.719162941 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.719434977 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.759067059 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.804501057 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.807302952 CEST49678443192.168.2.1620.189.173.10
                                Aug 29, 2024 17:16:20.991816044 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.991889954 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.991942883 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.991998911 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.992013931 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:20.992026091 CEST49707443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:20.992032051 CEST44349707184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.020416021 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:21.020454884 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:21.020539999 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:21.021786928 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:21.021804094 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:21.035912991 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.035957098 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.036025047 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.036338091 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.036351919 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.228296995 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.228363991 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.230629921 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.230638027 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.230858088 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.231340885 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.231391907 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.231430054 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.410300970 CEST49678443192.168.2.1620.189.173.10
                                Aug 29, 2024 17:16:21.430831909 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:21.430880070 CEST4434971140.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:21.431288958 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:21.431967974 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:21.431978941 CEST4434971140.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:21.610124111 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.610146046 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.610189915 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.610219002 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.610243082 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.610255957 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.610255957 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.610318899 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.610730886 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.610754967 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.610769033 CEST49708443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.610774040 CEST4434970820.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.646013975 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.646064043 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.646159887 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.646330118 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:21.646344900 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:21.671634912 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.671727896 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.672903061 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.672913074 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.673168898 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.674186945 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.681260109 CEST49673443192.168.2.16204.79.197.203
                                Aug 29, 2024 17:16:21.715289116 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:21.715367079 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:21.716510057 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.716984987 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:21.717000008 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:21.717425108 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:21.760504007 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:21.776128054 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:21.816493988 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:21.947022915 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.947109938 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.947902918 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.947943926 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.947943926 CEST49710443192.168.2.16184.28.90.27
                                Aug 29, 2024 17:16:21.947964907 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:21.947974920 CEST44349710184.28.90.27192.168.2.16
                                Aug 29, 2024 17:16:22.001066923 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.001094103 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.001101017 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.001127958 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.001183987 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.001219988 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:22.001259089 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.001275063 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:22.001385927 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:22.002010107 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.002093077 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.002125978 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:22.002196074 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:22.010807037 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:22.010807037 CEST49709443192.168.2.1613.85.23.86
                                Aug 29, 2024 17:16:22.010823965 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.010833979 CEST4434970913.85.23.86192.168.2.16
                                Aug 29, 2024 17:16:22.425769091 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.427110910 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.427110910 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.427145004 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.427156925 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.427184105 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.427195072 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.617562056 CEST49678443192.168.2.1620.189.173.10
                                Aug 29, 2024 17:16:22.671331882 CEST4434971140.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:22.671930075 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:22.673088074 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:22.673099041 CEST4434971140.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:22.673294067 CEST4434971140.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:22.729700089 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:22.734658003 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:22.734729052 CEST4434971140.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:22.734884024 CEST4434971140.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:22.734940052 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:22.735306978 CEST49711443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:22.808372021 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.808393955 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.808458090 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.808465958 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.808505058 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.808526993 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.808800936 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.808856964 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.808934927 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.808952093 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.808970928 CEST49712443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.808976889 CEST4434971220.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.813970089 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.814002991 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:22.814187050 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.814357042 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:22.814368010 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:23.633203983 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:23.633970022 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:23.633991003 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:23.641730070 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:23.641741037 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:23.641908884 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:23.641916990 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:24.066488028 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:24.066510916 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:24.066545963 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:24.066602945 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:24.066611052 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:24.066678047 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:24.066692114 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:24.067056894 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:24.067056894 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:24.067075014 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:24.067117929 CEST49713443192.168.2.1620.190.160.22
                                Aug 29, 2024 17:16:24.067123890 CEST4434971320.190.160.22192.168.2.16
                                Aug 29, 2024 17:16:24.292718887 CEST49714443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:24.292751074 CEST4434971440.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:24.292845964 CEST49714443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:24.295483112 CEST49714443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:24.295495033 CEST4434971440.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:24.964426041 CEST4968080192.168.2.16192.229.211.108
                                Aug 29, 2024 17:16:25.027259111 CEST49678443192.168.2.1620.189.173.10
                                Aug 29, 2024 17:16:25.266256094 CEST4968080192.168.2.16192.229.211.108
                                Aug 29, 2024 17:16:25.549740076 CEST4434971440.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:25.549820900 CEST49714443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:25.551140070 CEST49714443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:25.551150084 CEST4434971440.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:25.551374912 CEST4434971440.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:25.552511930 CEST49714443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:25.552539110 CEST4434971440.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:25.552586079 CEST49714443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:25.618119001 CEST49715443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:25.618176937 CEST4434971540.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:25.618271112 CEST49715443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:25.618508101 CEST49715443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:25.618520975 CEST4434971540.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:25.870379925 CEST4968080192.168.2.16192.229.211.108
                                Aug 29, 2024 17:16:26.925383091 CEST4434971540.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:26.925510883 CEST49715443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:26.928428888 CEST49715443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:26.928452969 CEST4434971540.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:26.928725958 CEST4434971540.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:26.929847002 CEST49715443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:26.929893970 CEST4434971540.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:26.929954052 CEST49715443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:27.082191944 CEST4968080192.168.2.16192.229.211.108
                                Aug 29, 2024 17:16:27.111125946 CEST49716443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:27.111172915 CEST4434971640.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:27.111263990 CEST49716443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:27.111709118 CEST49716443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:27.111727953 CEST4434971640.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:28.371731997 CEST4434971640.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:28.371903896 CEST49716443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:28.373090029 CEST49716443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:28.373100042 CEST4434971640.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:28.373291016 CEST4434971640.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:28.375770092 CEST49716443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:28.375793934 CEST4434971640.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:28.375863075 CEST49716443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:28.437927961 CEST49717443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:28.437971115 CEST4434971740.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:28.438178062 CEST49717443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:28.438525915 CEST49717443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:28.438535929 CEST4434971740.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:29.405455112 CEST49717443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:29.485411882 CEST4968080192.168.2.16192.229.211.108
                                Aug 29, 2024 17:16:29.801816940 CEST49718443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:29.801867962 CEST4434971840.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:29.801949978 CEST49718443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:29.802189112 CEST49718443192.168.2.1640.119.249.228
                                Aug 29, 2024 17:16:29.802200079 CEST4434971840.119.249.228192.168.2.16
                                Aug 29, 2024 17:16:29.837255001 CEST49678443192.168.2.1620.189.173.10
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Aug 29, 2024 17:16:41.721512079 CEST | 192.168.2.16 | 1.1.1.1 | 0xe272 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:16:41.721636057 CEST | 192.168.2.16 | 1.1.1.1 | 0xdc58 | Standard query (0) | drive.google.com | 65 | IN (0x0001) | false
                                Aug 29, 2024 17:16:44.877067089 CEST | 192.168.2.16 | 1.1.1.1 | 0xc1c | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:16:44.877208948 CEST | 192.168.2.16 | 1.1.1.1 | 0x5d18 | Standard query (0) | docs.google.com | 65 | IN (0x0001) | false
                                Aug 29, 2024 17:16:46.559546947 CEST | 192.168.2.16 | 1.1.1.1 | 0xb5f8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:16:46.559663057 CEST | 192.168.2.16 | 1.1.1.1 | 0x6116 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                Aug 29, 2024 17:17:03.621737957 CEST | 192.168.2.16 | 1.1.1.1 | 0xd4 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:17:03.621865988 CEST | 192.168.2.16 | 1.1.1.1 | 0x318 | Standard query (0) | drive.google.com | 65 | IN (0x0001) | false
                                Aug 29, 2024 17:17:08.440146923 CEST | 192.168.2.16 | 1.1.1.1 | 0x7de9 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:17:08.440310001 CEST | 192.168.2.16 | 1.1.1.1 | 0x92e2 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Aug 29, 2024 17:16:41.729084015 CEST | 1.1.1.1 | 192.168.2.16 | 0xe272 | No error (0) | drive.google.com |  | 216.58.206.78 | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:16:44.884623051 CEST | 1.1.1.1 | 192.168.2.16 | 0xc1c | No error (0) | docs.google.com |  | 172.217.23.110 | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:16:46.775593996 CEST | 1.1.1.1 | 192.168.2.16 | 0xb5f8 | No error (0) | www.google.com |  | 142.250.185.68 | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:16:46.775607109 CEST | 1.1.1.1 | 192.168.2.16 | 0x6116 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                Aug 29, 2024 17:17:03.710854053 CEST | 1.1.1.1 | 192.168.2.16 | 0xd4 | No error (0) | drive.google.com |  | 216.58.206.78 | A (IP address) | IN (0x0001) | false
                                Aug 29, 2024 17:17:08.447272062 CEST | 1.1.1.1 | 192.168.2.16 | 0x92e2 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                Aug 29, 2024 17:17:08.448615074 CEST | 1.1.1.1 | 192.168.2.16 | 0x7de9 | No error (0) | www.google.com |  | 142.250.185.228 | A (IP address) | IN (0x0001) | false
                                • login.live.com
                                • fs.microsoft.com
                                • slscr.update.microsoft.com
                                • www.bing.com
                                • drive.google.com
                                • https:
                                  • docs.google.com
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.16 | 49700 | 20.190.160.22 | 443 |  |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:16 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                Connection: Keep-Alive
                                Content-Type: application/soap+xml
                                Accept: */*
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                Content-Length: 3592
                                Host: login.live.com
                                2024-08-29 15:16:16 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                2024-08-29 15:16:17 UTC | 569 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-store, no-cache
                                Pragma: no-cache
                                Content-Type: application/soap+xml; charset=utf-8
                                Expires: Thu, 29 Aug 2024 15:15:16 GMT
                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                Referrer-Policy: strict-origin-when-cross-origin
                                x-ms-route-info: C538_BL2
                                x-ms-request-id: 399b6280-2942-4cc4-9697-dad72b034008
                                PPServer: PPV: 30 H: BL02EPF0001D9B1 V: 0
                                X-Content-Type-Options: nosniff
                                Strict-Transport-Security: max-age=31536000
                                X-XSS-Protection: 1; mode=block
                                Date: Thu, 29 Aug 2024 15:16:16 GMT
                                Connection: close
                                Content-Length: 11389
                                2024-08-29 15:16:17 UTC | 11389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.16 | 49703 | 20.190.160.22 | 443 |  |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:18 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                Connection: Keep-Alive
                                Content-Type: application/soap+xml
                                Accept: */*
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                Content-Length: 3592
                                Host: login.live.com
                                2024-08-29 15:16:18 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                2024-08-29 15:16:18 UTC | 569 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-store, no-cache
                                Pragma: no-cache
                                Content-Type: application/soap+xml; charset=utf-8
                                Expires: Thu, 29 Aug 2024 15:15:18 GMT
                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                Referrer-Policy: strict-origin-when-cross-origin
                                x-ms-route-info: C538_BAY
                                x-ms-request-id: 372dd06e-fd55-48d4-8513-81f523a9ec44
                                PPServer: PPV: 30 H: PH1PEPF00011D52 V: 0
                                X-Content-Type-Options: nosniff
                                Strict-Transport-Security: max-age=31536000
                                X-XSS-Protection: 1; mode=block
                                Date: Thu, 29 Aug 2024 15:16:17 GMT
                                Connection: close
                                Content-Length: 11389
                                2024-08-29 15:16:18 UTC | 11389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.16 | 49705 | 20.190.160.22 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:19 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                Connection: Keep-Alive
                                Content-Type: application/soap+xml
                                Accept: */*
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                Content-Length: 4775
                                Host: login.live.com
                                2024-08-29 15:16:19 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                2024-08-29 15:16:20 UTC | 569 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-store, no-cache
                                Pragma: no-cache
                                Content-Type: application/soap+xml; charset=utf-8
                                Expires: Thu, 29 Aug 2024 15:15:20 GMT
                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                Referrer-Policy: strict-origin-when-cross-origin
                                x-ms-route-info: C538_SN1
                                x-ms-request-id: 6462888d-4e3e-43d0-8a42-f981c7056373
                                PPServer: PPV: 30 H: SN1PEPF0002F9F0 V: 0
                                X-Content-Type-Options: nosniff
                                Strict-Transport-Security: max-age=31536000
                                X-XSS-Protection: 1; mode=block
                                Date: Thu, 29 Aug 2024 15:16:19 GMT
                                Connection: close
                                Content-Length: 11369
                                2024-08-29 15:16:20 UTC | 11369 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.16 | 49707 | 184.28.90.27 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:20 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                Accept-Encoding: identity
                                User-Agent: Microsoft BITS/7.8
                                Host: fs.microsoft.com
                                2024-08-29 15:16:20 UTC | 467 | IN | HTTP/1.1 200 OK
                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                Content-Type: application/octet-stream
                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                Server: ECAcc (lpl/EF06)
                                X-CID: 11
                                X-Ms-ApiVersion: Distribute 1.2
                                X-Ms-Region: prod-weu-z1
                                Cache-Control: public, max-age=152433
                                Date: Thu, 29 Aug 2024 15:16:20 GMT
                                Connection: close
                                X-CID: 2


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.16 | 49708 | 20.190.160.22 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:21 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                Connection: Keep-Alive
                                Content-Type: application/soap+xml
                                Accept: */*
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                Content-Length: 4775
                                Host: login.live.com
                                2024-08-29 15:16:21 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                2024-08-29 15:16:21 UTC | 569 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-store, no-cache
                                Pragma: no-cache
                                Content-Type: application/soap+xml; charset=utf-8
                                Expires: Thu, 29 Aug 2024 15:15:21 GMT
                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                Referrer-Policy: strict-origin-when-cross-origin
                                x-ms-route-info: C538_SN1
                                x-ms-request-id: ed0c12e2-6d7f-47b2-8ee0-f7d1ea21ef9d
                                PPServer: PPV: 30 H: SN1PEPF00040187 V: 0
                                X-Content-Type-Options: nosniff
                                Strict-Transport-Security: max-age=31536000
                                X-XSS-Protection: 1; mode=block
                                Date: Thu, 29 Aug 2024 15:16:21 GMT
                                Connection: close
                                Content-Length: 11369
                                2024-08-29 15:16:21 UTC | 11369 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.16 | 49710 | 184.28.90.27 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:21 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                Accept-Encoding: identity
                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                Range: bytes=0-2147483646
                                User-Agent: Microsoft BITS/7.8
                                Host: fs.microsoft.com
                                2024-08-29 15:16:21 UTC | 515 | IN | HTTP/1.1 200 OK
                                ApiVersion: Distribute 1.1
                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                Content-Type: application/octet-stream
                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                Server: ECAcc (lpl/EF06)
                                X-CID: 11
                                X-Ms-ApiVersion: Distribute 1.2
                                X-Ms-Region: prod-weu-z1
                                Cache-Control: public, max-age=152385
                                Date: Thu, 29 Aug 2024 15:16:21 GMT
                                Content-Length: 55
                                Connection: close
                                X-CID: 2
                                2024-08-29 15:16:21 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                6 | 192.168.2.16 | 49709 | 13.85.23.86 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:21 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=p+h8FZuCuAFLUM6&MD=2BUuAZYy HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                Host: slscr.update.microsoft.com
                                2024-08-29 15:16:22 UTC | 560 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-cache
                                Pragma: no-cache
                                Content-Type: application/octet-stream
                                Expires: -1
                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                MS-CorrelationId: 270331e8-24bd-4fa5-a858-be3a027cd562
                                MS-RequestId: 9038eb57-e86d-4909-9d0d-cf0dc72df666
                                MS-CV: BfdKjsn/4Eyrv85O.0
                                X-Microsoft-SLSClientCache: 2880
                                Content-Disposition: attachment; filename=environment.cab
                                X-Content-Type-Options: nosniff
                                Date: Thu, 29 Aug 2024 15:16:21 GMT
                                Connection: close
                                Content-Length: 24490


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                7 | 192.168.2.16 | 49712 | 20.190.160.22 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:22 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                Connection: Keep-Alive
                                Content-Type: application/soap+xml
                                Accept: */*
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                Content-Length: 4722
                                Host: login.live.com
                                2024-08-29 15:16:22 UTC | 4722 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                2024-08-29 15:16:22 UTC | 569 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-store, no-cache
                                Pragma: no-cache
                                Content-Type: application/soap+xml; charset=utf-8
                                Expires: Thu, 29 Aug 2024 15:15:22 GMT
                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                Referrer-Policy: strict-origin-when-cross-origin
                                x-ms-route-info: C538_SN1
                                x-ms-request-id: 6313c149-ac78-445c-8488-0839fcba76ac
                                PPServer: PPV: 30 H: SN1PEPF0002F94E V: 0
                                X-Content-Type-Options: nosniff
                                Strict-Transport-Security: max-age=31536000
                                X-XSS-Protection: 1; mode=block
                                Date: Thu, 29 Aug 2024 15:16:21 GMT
                                Connection: close
                                Content-Length: 10197
                                2024-08-29 15:16:22 UTC | 10197 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                8 | 192.168.2.16 | 49713 | 20.190.160.22 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:23 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                Connection: Keep-Alive
                                Content-Type: application/soap+xml
                                Accept: */*
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                Content-Length: 4710
                                Host: login.live.com
                                2024-08-29 15:16:23 UTC | 4710 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                2024-08-29 15:16:24 UTC | 569 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-store, no-cache
                                Pragma: no-cache
                                Content-Type: application/soap+xml; charset=utf-8
                                Expires: Thu, 29 Aug 2024 15:15:23 GMT
                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                Referrer-Policy: strict-origin-when-cross-origin
                                x-ms-route-info: C538_BAY
                                x-ms-request-id: 14646fac-a363-4e68-bac6-aacf3f7423c0
                                PPServer: PPV: 30 H: PH1PEPF00011ED6 V: 0
                                X-Content-Type-Options: nosniff
                                Strict-Transport-Security: max-age=31536000
                                X-XSS-Protection: 1; mode=block
                                Date: Thu, 29 Aug 2024 15:16:23 GMT
                                Connection: close
                                Content-Length: 10173
                                2024-08-29 15:16:24 UTC | 10173 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                9 | 192.168.2.16 | 49719 | 20.190.160.22 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:40 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                Connection: Keep-Alive
                                Content-Type: application/soap+xml
                                Accept: */*
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                Content-Length: 4788
                                Host: login.live.com
                                2024-08-29 15:16:40 UTC | 4788 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                2024-08-29 15:16:40 UTC | 569 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-store, no-cache
                                Pragma: no-cache
                                Content-Type: application/soap+xml; charset=utf-8
                                Expires: Thu, 29 Aug 2024 15:15:40 GMT
                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                Referrer-Policy: strict-origin-when-cross-origin
                                x-ms-route-info: C538_BAY
                                x-ms-request-id: f2df1394-9e99-4c6c-b263-ddd0acfaf41d
                                PPServer: PPV: 30 H: PH1PEPF00011EDC V: 0
                                X-Content-Type-Options: nosniff
                                Strict-Transport-Security: max-age=31536000
                                X-XSS-Protection: 1; mode=block
                                Date: Thu, 29 Aug 2024 15:16:40 GMT
                                Connection: close
                                Content-Length: 11177
                                2024-08-29 15:16:40 UTC | 11177 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                10 | 192.168.2.16 | 49720 | 2.23.209.156 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:41 UTC | 2693 | OUT | GET /client/config?cc=CH&setlang=en-CH HTTP/1.1
                                X-Search-CortanaAvailableCapabilities: None
                                X-Search-SafeSearch: Moderate
                                Accept-Encoding: gzip, deflate
                                X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                X-UserAgeClass: Unknown
                                X-BM-Market: CH
                                X-BM-DateFormat: dd/MM/yyyy
                                X-Device-OSSKU: 48
                                X-BM-DTZ: -240
                                X-DeviceID: 01000A4109009A83
                                X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75
                                X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
                                X-BM-Theme: 000000;0078d7
                                X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAc/iD5vggF7x3aPrwRv3Vo7J%2BwWXp%2BhJHczlexT139pxkJZiUCRV5%2BunOmkSFMaP2FZQ5rhTEnDT0UHoCoZgCsombIdseBRlorMzmWlgpR9vEzT6cfY0gP6dhRCmmbvbOdI%2B1cro9mB4fgkQTL3gVAjDT%2BxQc9O/9Xe8tv6l8qo%2BEOcSXJRVslJzin4as7t2cZ7YCj/jlqvx%2BvGTSPNO8do6A72ucM67u/lGcTQdMSKJzxoCag/UoPHCq1QDsL03AzuFumAJDKhPUQImliJppznvKNzUkJ44XgKZvbztMRzLOgpyBHCKJ42vWJvnQAOZ2mxI3M3DZK2Nv%2B2MHknjRJgQZgAAEM3riuIXgyciq03DC5N5iaGwARkUupVU9%2Be3d8eLo1c%2BLNDQXE7uj55ugFIRKN31n/ZzuBQ4hRqqvBbyuNL8JXj0j//1W9K2zEyjYw0SmxmpZ9KRPGhTGAVvzo7T9ClABnBvxITNceIMOgKI2TUNA1zwfo8jqP%2BOdkJ8XxrbG7LMSpqcr1KbTSyuXS3ux63rTZvBQUXs1htKz8FdwHm7Eyl90MmZZhNATt439p8p87fK0xYsj1z/xb651TF/3luoQ3fZqXD0zNhzDmwuS/2h8cHQATvZ052qu%2BSoVfriovk442QIfl/t3pxKdQf/CVgc649AZfp0FJvkxa6XZCct4f0Dn8fgrENgahxnkrFJEEmKMUJvvjhD75re6DYX4I2JPz/I8hoUdSSh52XrmJpFsCKlBgnM8DtKgQLaOpExb/niN6z8KtNN5NoOINZhSv9Oj7p1gUmEaW8zdXtCOuc952NRMyLSgBn586i7zfVV9KXjjgtj1WN2aazNwPyipN4Qnchonb3qVj6q/jTanDw2mobTJePUqoINBFjXx%2BG215VL29sRUXNWG7DJM7qPquREzVuiesL%2B0 [TRUNCATED]
                                X-Agent-DeviceId: 01000A4109009A83
                                X-BM-CBT: 1724944598
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                X-Device-isOptin: false
                                Accept-language: en-GB, en, en-US
                                X-Device-Touch: false
                                X-Device-ClientSession: 17BEBAA7B14A4FC2B56FF04C7735F17E
                                X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                Host: www.bing.com
                                Connection: Keep-Alive
                                Cookie: SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUID=5047E5942BB2460EA35B53CCF78DDB3D; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                                2024-08-29 15:16:42 UTC | 1319 | IN | HTTP/1.1 200 OK
                                Content-Length: 2215
                                Content-Type: application/json; charset=utf-8
                                Cache-Control: private
                                X-EventID: 66d090d907ef4ec291fdfa7db950f11c
                                X-AS-SetSessionMarket: de-ch
                                UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                X-XSS-Protection: 0
                                P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                Date: Thu, 29 Aug 2024 15:16:41 GMT
                                Connection: close
                                Set-Cookie: _EDGE_S=SID=01B0B4E649C4692320D7A00C48ED68B6&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
                                Set-Cookie: SRCHHPGUSR=SRCHLANG=en&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; domain=.bing.com; expires=Tue, 23-Sep-2025 15:16:41 GMT; path=/; secure; SameSite=None
                                Set-Cookie: ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; domain=.bing.com; expires=Tue, 23-Sep-2025 15:16:41 GMT; path=/; secure; SameSite=None
                                Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
                                Set-Cookie: _SS=SID=01B0B4E649C4692320D7A00C48ED68B6; domain=.bing.com; path=/; secure; SameSite=None
                                Alt-Svc: h3=":443"; ma=93600
                                X-CDN-TraceID: 0.37d01702.1724944601.39b3407
                                2024-08-29 15:16:42 UTC | 2215 | IN
                                Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                11 | 192.168.2.16 | 49722 | 216.58.206.78 | 443 | 3508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:42 UTC | 875 | OUT | GET /file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web HTTP/1.1
                                Host: drive.google.com
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-08-29 15:16:43 UTC | 1202 | IN | HTTP/1.1 404 Not Found
                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                Pragma: no-cache
                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                Date: Thu, 29 Aug 2024 15:16:43 GMT
                                Content-Type: text/html; charset=utf-8
                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
                                Content-Security-Policy: script-src 'report-sample' 'nonce-W3H32mruDRMy3FZVXAfy1A' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/viewer/
                                Referrer-Policy: strict-origin-when-cross-origin
                                X-Content-Type-Options: nosniff
                                X-XSS-Protection: 1; mode=block
                                Server: GSE
                                Set-Cookie: NID=517=rIup8WLkEYDpMO2Mv2_t_AdRYgO2lNxacmEAFYQuXxD6uE-dqyT6pURnxvjZfWrvmS9C1q7VZ2M-f_SUIjQ9Zuni_rlLkXd-TF5cclTIF0e62wQ9J3VM5sHpQv_g0HEuVLB_i5rxIGNlpnW1y_G8o2jvRD0vsxN1iH7k32D914s; expires=Fri, 28-Feb-2025 15:16:43 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Accept-Ranges: none
                                Vary: Accept-Encoding
                                Connection: close
                                Transfer-Encoding: chunked
                                2024-08-29 15:16:43 UTC | 188 | IN
                                Data Ascii: bf4<!DOCTYPE html><html lang="en"><head><meta name="description" content="Web word processing, presentations and spreadsheets"><meta name="viewport" content="width=device-width, initial-
                                2024-08-29 15:16:43 UTC | 1390 | IN
                                Data Ascii: scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=0"><link rel="shortcut icon" href="//docs.google.com/favicon.ico"><title>Page Not Found</title><meta name="referrer" content="strict-origin-when-cross-origin"><link href="//fonts.googleapis.co
                                2024-08-29 15:16:43 UTC | 1390 | IN
                                Data Ascii: t/css" nonce="LXBq5OPytPmbRq3sznH7tg">body {background-color: #fff; font-family: Arial,sans-serif; font-size: 13px; margin: 0; padding: 0;}a, a:link, a:visited {color: #112ABB;}</style><style type="text/css" nonce="LXBq5OPytPmbRq3sznH7tg">.errorMessage {f
                                2024-08-29 15:16:43 UTC | 99 | IN
                                Data Ascii: 0px; margin-left: 40px; margin-right: 40px; margin-top: 80px; position: relative;}</style></html>
                                2024-08-29 15:16:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                12 | 192.168.2.16 | 49729 | 172.217.23.110 | 443 | 3508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:45 UTC | 931 | OUT | GET /favicon.ico HTTP/1.1
                                Host: docs.google.com
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                Sec-Fetch-Site: same-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Referer: https://drive.google.com/
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                Cookie: NID=517=rIup8WLkEYDpMO2Mv2_t_AdRYgO2lNxacmEAFYQuXxD6uE-dqyT6pURnxvjZfWrvmS9C1q7VZ2M-f_SUIjQ9Zuni_rlLkXd-TF5cclTIF0e62wQ9J3VM5sHpQv_g0HEuVLB_i5rxIGNlpnW1y_G8o2jvRD0vsxN1iH7k32D914s
                                2024-08-29 15:16:45 UTC | 416 | IN | HTTP/1.1 302 Found
                                Location: https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
                                Cache-Control: private
                                Cross-Origin-Resource-Policy: cross-origin
                                Content-Type: text/html; charset=UTF-8
                                X-Content-Type-Options: nosniff
                                Date: Thu, 29 Aug 2024 15:16:45 GMT
                                Server: sffe
                                Content-Length: 269
                                X-XSS-Protection: 0
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-08-29 15:16:45 UTC | 269 | IN
                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png">here</A>.</


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                13 | 192.168.2.16 | 49734 | 13.85.23.86 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:16:59 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=p+h8FZuCuAFLUM6&MD=2BUuAZYy HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                Host: slscr.update.microsoft.com
                                2024-08-29 15:17:00 UTC | 560 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-cache
                                Pragma: no-cache
                                Content-Type: application/octet-stream
                                Expires: -1
                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                MS-CorrelationId: 5f90ec9d-943f-4468-8971-6d805f49d5ca
                                MS-RequestId: 931c1b68-0c01-4f5d-ac95-d0fb21f17482
                                MS-CV: QdMbH4flFUia4sE1.0
                                X-Microsoft-SLSClientCache: 1440
                                Content-Disposition: attachment; filename=environment.cab
                                X-Content-Type-Options: nosniff
                                Date: Thu, 29 Aug 2024 15:16:58 GMT
                                Connection: close
                                Content-Length: 30005
                                2024-08-29 15:17:00 UTC | 15824 | IN
                                Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                2024-08-29 15:17:00 UTC | 14181 | IN
                                Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                14 | 192.168.2.16 | 49737 | 216.58.206.78 | 443 | 6756 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-08-29 15:17:04 UTC | 984 | OUT | GET /file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web HTTP/1.1
                                Host: drive.google.com
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQj5wNQV
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                Cookie: NID=517=rIup8WLkEYDpMO2Mv2_t_AdRYgO2lNxacmEAFYQuXxD6uE-dqyT6pURnxvjZfWrvmS9C1q7VZ2M-f_SUIjQ9Zuni_rlLkXd-TF5cclTIF0e62wQ9J3VM5sHpQv_g0HEuVLB_i5rxIGNlpnW1y_G8o2jvRD0vsxN1iH7k32D914s
                                2024-08-29 15:17:04 UTC | 840 | IN | HTTP/1.1 404 Not Found
                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                Pragma: no-cache
                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                Date: Thu, 29 Aug 2024 15:17:04 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
                                Content-Security-Policy: script-src 'report-sample' 'nonce-kWNctq-_1If1mvTZRXMiAw' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/viewer/
                                Referrer-Policy: strict-origin-when-cross-origin
                                X-Content-Type-Options: nosniff
                                X-XSS-Protection: 1; mode=block
                                Server: GSE
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Accept-Ranges: none
                                Vary: Accept-Encoding
                                Connection: close
                                Transfer-Encoding: chunked
                                2024-08-29 15:17:04 UTC | 550 | IN
                                Data Ascii: bf4<!DOCTYPE html><html lang="en"><head><meta name="description" content="Web word processing, presentations and spreadsheets"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=0"><
                                2024-08-29 15:17:04 UTC | 1390 | IN
                                Data Ascii: Nwo60TnEulCNwWm8FoKQ">.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}#drive-logo{margin:18px 0;position:absolute;white-space:n
                                2024-08-29 15:17:04 UTC | 1127 | IN
                                Data Ascii: ="innerContainer"><div style="position: absolute; top: -80px;"><div id="drive-logo"><a href="/"><span class="docs-drivelogo-img" title="Google logo"></span><span class="docs-drivelogo-text">&nbsp;Drive</span></a></div></div><div align="center"><p class="e
                                2024-08-29 15:17:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Target ID:0
                                Start time:11:16:08
                                Start date:29/08/2024
                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (24).msg"
                                Imagebase:0x730000
                                File size:34'446'744 bytes
                                MD5 hash:91A5292942864110ED734005B7E005C0
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:2
                                Start time:11:16:10
                                Start date:29/08/2024
                                Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7D06042A-1436-4CEF-A6DA-7CD7CABFF406" "B93DD560-ED82-4F46-9FF3-4B68B5FFF565" "6988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                Imagebase:0x7ff62eb60000
                                File size:710'048 bytes
                                MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:14
                                Start time:11:16:40
                                Start date:29/08/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web
                                Imagebase:0x7ff7f9810000
                                File size:3'242'272 bytes
                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:15
                                Start time:11:16:40
                                Start date:29/08/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1928,i,17132551044684408085,1404673594378875390,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                Imagebase:0x7ff7f9810000
                                File size:3'242'272 bytes
                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:17
                                Start time:11:17:02
                                Start date:29/08/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://drive.google.com/file/d/1u-4Wu3MMggO_cnkkeq7MVJGL-p0zZRkS/view?usp=drive_web
                                Imagebase:0x7ff7f9810000
                                File size:3'242'272 bytes
                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:18
                                Start time:11:17:02
                                Start date:29/08/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1952,i,14117656116701404992,16842391848183497777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                Imagebase:0x7ff7f9810000
                                File size:3'242'272 bytes
                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                No disassembly