Windows Analysis Report
52e69dd2-1038-4cc3-9a28-bd4e33724309.eml

Overview

General Information

Sample name: 52e69dd2-1038-4cc3-9a28-bd4e33724309.eml
Analysis ID: 1501431
MD5: b3e60c264ee4c75b4c57331cc73b6c11
SHA1: 6dd959e25ec399909bc82d957a1741e56b8f9676
SHA256: 36c19f3f6fa525b9c38297399a5ae77638088460e84ceb36658783cd0a496143

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 5888 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\52e69dd2-1038-4cc3-9a28-bd4e33724309.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6192 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CCF90C33-8674-4F41-8D53-541E86A85C8C" "418CE8A4-BC4B-4A98-89AA-7B01E6DED6D1" "5888" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 1764 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,10009891405383633377,35990076892042290,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 3368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2024,i,13461734001401825318,9834046241119500868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • rundll32.exe (PID: 6728 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
    Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    EventID: 13, EventType: SetValue
    Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5888
    TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set; Author: frack113
    Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\
    EventID: 13, EventType: SetValue
    Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5888
    TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

There are no malicious signatures.

Source: Joe Sandbox View; IP Address: 239.255.255.250
Source: Joe Sandbox View; JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: global traffic; HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic; HTTP traffic detected:
    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fZGscnFdnnun8rV&MD=w+5p1Vf2 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic; HTTP traffic detected:
    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fZGscnFdnnun8rV&MD=w+5p1Vf2 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: unknown; HTTP traffic detected:
    POST /RST2.srf HTTP/1.0
    Connection: Keep-Alive
    Content-Type: application/soap+xml
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
    Content-Length: 3592
    Host: login.live.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://officeapps.live.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://officepyservice.office.net/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://onedrive.live.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://otelrules.azureedge.net
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://outlook.office.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://outlook.office.com/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://outlook.office365.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://outlook.office365.com/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://outlook.office365.com/connectors
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://powerlift.acompli.net
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://pushchannel.1drv.ms
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://res.cdn.office.net
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://service.powerapps.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://settings.outlook.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://staging.cortana.ai
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://substrate.office.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://tasks.office.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 52e69dd2-1038-4cc3-9a28-bd4e33724309.emlString found in binary or memory: https://us-phishalarm-ewt.proofpoint.com/EWT/v1/C=
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://webshell.suite.office.com
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://wus2.contentsync.
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.drString found in binary or memory: https://www.yammer.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49722 version: TLS 1.2
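The string entries and the network entries above are the two parts of this report a reviewer has to read together. Every URL string is attributed to the artifact it was found in: almost all of them come from the dropped file F681DE31-A5E1-452D-BDF4-78922174436B.0.dr and from Outlook's own .etl log (the .dr suffix marks a file written during the run), and only the proofpoint.com URL is attributed to the submitted .eml itself. The port lines and the TLS session lines share nothing but the local client port, so that port is the join key for learning which remote IP a given connection reached, and some client ports (49673, 49678, 49704, 49721, 49724) appear in the port lines with no TLS session line at all. The Python below is an added example, not part of the Joe Sandbox report and not Joe Sandbox tooling: it embeds a constructed subset of the lines above as its only input, splits the Source column from the description (accepting both the raw export form, where the two run together, and the separated form), groups URL strings by source, and correlates port lines with TLS sessions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed input: a subset of the report lines above. Most use the
# separated "Source: <artifact> | <description>: <value>" form; the third
# is in the raw export form, where the Source column runs straight into
# the description, which the splitter must also accept.
REPORT_LINES = [
    "Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.dr | String found in binary or memory: https://login.microsoftonline.com",
    "Source: F681DE31-A5E1-452D-BDF4-78922174436B.0.dr | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json",
    "Source: OUTLOOK_16_0_16827_20130-20240829T1622520998-5888.etl.0.drString found in binary or memory: https://login.windows.localR",
    "Source: 52e69dd2-1038-4cc3-9a28-bd4e33724309.eml | String found in binary or memory: https://us-phishalarm-ewt.proofpoint.com/EWT/v1/C=",
    "Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700",
    "Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443",
    "Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443",
    "Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443",
    "Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699",
    "Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49699 version: TLS 1.2",
    "Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49700 version: TLS 1.2",
    "Source: unknown | HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49701 version: TLS 1.2",
]
SAMPLE_NAME = "52e69dd2-1038-4cc3-9a28-bd4e33724309.eml"   # the submitted sample
SERVER_PORT = 443                                          # the end that is not the client

# Description prefixes the export places right after the Source column.
DESCRIPTIONS = ("String found in binary or memory", "Network traffic detected", "HTTPS traffic detected")
PORT_RE = re.compile(r"^HTTP traffic on port (\d+) -> (\d+)$")
TLS_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) version: (.+)$")


def split_line(line):
    """Split one report line into (source, description, value)."""
    if not line.startswith("Source: "):
        raise ValueError(f"not a report line: {line!r}")
    body = line[len("Source: "):]
    for desc in DESCRIPTIONS:
        idx = body.find(desc + ": ")
        if idx != -1:
            # Strip the separator, if any, so both export forms give the same source.
            return body[:idx].rstrip(" |"), desc, body[idx + len(desc) + 2:]
    raise ValueError(f"unknown description in: {line!r}")


def urls_by_source(lines):
    """Map each source artifact to the URL strings the sandbox found in it."""
    out = defaultdict(list)
    for src, desc, value in map(split_line, lines):
        if desc == "String found in binary or memory":
            out[src].append(value)
    return dict(out)


def sample_hosts(lines, sample_name=SAMPLE_NAME):
    """Hosts named by the sample itself, as opposed to Outlook's own files."""
    return sorted({urlsplit(u).netloc for u in urls_by_source(lines).get(sample_name, [])})


def client_ports(lines):
    """Local ephemeral ports that appear in 'HTTP traffic on port' lines."""
    ports = set()
    for _, desc, value in map(split_line, lines):
        m = PORT_RE.match(value) if desc == "Network traffic detected" else None
        if m:
            a, b = int(m.group(1)), int(m.group(2))
            ports.add(b if a == SERVER_PORT else a)
    return ports


def tls_sessions(lines):
    """Map local client port -> (remote ip, TLS version) from the session lines."""
    sessions = {}
    for _, desc, value in map(split_line, lines):
        m = TLS_RE.match(value) if desc == "HTTPS traffic detected" else None
        if m:
            remote_ip, _, _, local_port, version = m.groups()
            sessions[int(local_port)] = (remote_ip, version)
    return sessions


def remote_ips(lines):
    """Distinct remote IPs that had a recorded TLS session."""
    return sorted({ip for ip, _ in tls_sessions(lines).values()})


def ports_without_tls_record(lines):
    """Client ports with port-traffic lines but no TLS session line.

    For these this section alone does not say which remote IP was reached.
    """
    return sorted(client_ports(lines) - set(tls_sessions(lines)))


if __name__ == "__main__":
    for src, urls in urls_by_source(REPORT_LINES).items():
        print(f"{src}: {len(urls)} URL(s)")
    print("sample hosts:", sample_hosts(REPORT_LINES))
    print("remote IPs:", remote_ips(REPORT_LINES))
    print("no TLS record for client ports:", ports_without_tls_record(REPORT_LINES))
```

Run against the full report rather than the embedded subset, `sample_hosts` still returns only the proofpoint.com host, which is the one string in the whole list that describes the email instead of the Outlook installation.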
Source: classification engine | Classification label: clean3.winEML@25/25@4/5
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240829T1622520998-5888.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\52e69dd2-1038-4cc3-9a28-bd4e33724309.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CCF90C33-8674-4F41-8D53-541E86A85C8C" "418CE8A4-BC4B-4A98-89AA-7B01E6DED6D1" "5888" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,10009891405383633377,35990076892042290,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2024,i,13461734001401825318,9834046241119500868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CCF90C33-8674-4F41-8D53-541E86A85C8C" "418CE8A4-BC4B-4A98-89AA-7B01E6DED6D1" "5888" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,10009891405383633377,35990076892042290,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (11 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2024,i,13461734001401825318,9834046241119500868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
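The process lineage above is what decides the verdict for a mail sample. OUTLOOK.EXE started its own ai.exe helper from inside the Office install root, then launched chrome.exe on an HTML file from its INetCache\Content.Outlook folder, after which Chrome's own child processes appear (the entries the sandbox could only record as "unknown unknown"). Nothing in the tree is spawned from the email other than that browser launch. The Python below is an added example, not part of the report: it rebuilds parent-to-child pairs from a constructed subset of the lines above (in both the raw export form and the separated form) and applies the one rule a detection engineer would start from for mail-borne execution, an Office application starting a child whose image is outside the Office install root. The rule itself, the OFFICE_ROOT path and the OFFICE_APPS list are assumptions of the example, not something the report states.

```python
import ntpath

# Constructed input: parent/child lines copied from the report above, with
# the export's "Jump to behavior" link text removed. The third line keeps the
# raw export form, where the Source column runs straight into "Process created:".
PROCESS_LINES = [
    r'Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding',
    r'Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\52e69dd2-1038-4cc3-9a28-bd4e33724309.eml"',
    r'Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CCF90C33-8674-4F41-8D53-541E86A85C8C" "418CE8A4-BC4B-4A98-89AA-7B01E6DED6D1" "5888" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"',
    r'Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html',
    r'Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,10009891405383633377,35990076892042290,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8',
    r'Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown',
]

DESC = "Process created: "
# Assumed for this example: the Click-to-Run install root seen in the report
# and the Office executables the rule treats as "Office application" parents.
OFFICE_ROOT = r"C:\Program Files (x86)\Microsoft Office\root"
OFFICE_APPS = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}


def split_image_and_cmdline(value):
    """Separate '<image path> <command line>' as the export prints it.

    The command line itself begins with the image path (quoted or bare, and
    not necessarily in the same letter case), so the image path is the
    shortest prefix that is repeated right after the space following it.
    That handles paths containing spaces without a fixed path list.
    """
    low = value.lower()
    for i, ch in enumerate(value):
        if ch != " ":
            continue
        img, rst = low[:i], low[i + 1:]
        if rst == img or rst.startswith(img + " ") or rst.startswith('"' + img + '"'):
            return value[:i], value[i + 1:]
    raise ValueError(f"cannot split image from command line: {value!r}")


def parse_process_line(line):
    """Return (parent_image, child_image, child_cmdline) for one report line."""
    body = line[len("Source: "):]
    idx = body.index(DESC)
    parent = body[:idx].rstrip(" |")          # tolerate both export forms
    child, cmdline = split_image_and_cmdline(body[idx + len(DESC):])
    return parent, child, cmdline


def process_tree(lines):
    """Map each parent image to its list of (child image, command line)."""
    tree = {}
    for parent, child, cmdline in map(parse_process_line, lines):
        tree.setdefault(parent, []).append((child, cmdline))
    return tree


def office_foreign_children(lines):
    """Children of an Office application whose image is outside OFFICE_ROOT.

    Office's own helpers (ai.exe lives under the root) drop out; whatever
    else an Office process starts is what mail content can influence, so it
    is the pair a reviewer looks at first. Returns (child name, cmdline).
    """
    hits = []
    for parent, child, cmdline in map(parse_process_line, lines):
        if ntpath.basename(parent).lower() not in OFFICE_APPS:
            continue
        if not child.lower().startswith(OFFICE_ROOT.lower()):
            hits.append((ntpath.basename(child), cmdline))
    return hits


def opened_file(cmdline):
    """The path Chrome was handed via --single-argument, or None."""
    flag = "--single-argument "
    idx = cmdline.find(flag)
    return None if idx == -1 else cmdline[idx + len(flag):]


if __name__ == "__main__":
    for parent, children in process_tree(PROCESS_LINES).items():
        print(ntpath.basename(parent) or parent)
        for child, _ in children:
            print("   ->", ntpath.basename(child))
    for child, cmdline in office_foreign_children(PROCESS_LINES):
        print("review:", child, "opened", opened_file(cmdline))
```

On the report's lines the rule yields exactly one pair to review, OUTLOOK.EXE starting chrome.exe on the cached .html, and the LNK files that Chrome then writes under Start Menu\Programs\Chrome Apps (the "Stores files to the Windows start menu directory" signature) are all Chrome's own shortcuts to chrome_proxy.exe, as the LNK entries further down show.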
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.16.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.16.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.16.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.16.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.16.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.16.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window detected: Number of UI elements: 16
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (number of matched signatures per technique in parentheses):

  • Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information
  • Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server
  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron, Launchd
  • Persistence: DLL Side-Loading (1), Registry Run Keys / Startup Folder (1), Logon Script (Windows), Login Hook, Network Logon Script
  • Privilege Escalation: Process Injection (1), DLL Side-Loading (1), Registry Run Keys / Startup Folder (1), Login Hook, Network Logon Script
  • Defense Evasion: Masquerading (1), Modify Registry (1), Rundll32 (1), Process Injection (1), DLL Side-Loading (1)
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets
  • Discovery: Process Discovery (1), File and Directory Discovery (1), System Information Discovery (14), System Network Configuration Discovery, Internet Connection Discovery
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (1), Fallback Channels
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer
  • Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact
Behavior Graph ID: 1501431; Sample: 52e69dd2-1038-4cc3-9a28-bd4...; Startdate: 29/08/2024; Architecture: WINDOWS; Score: 3

  • Start -> OUTLOOK.EXE (508 created registry values, 144 created files), started
  • Start -> rundll32.exe, started
  • OUTLOOK.EXE -> chrome.exe (9 created files), started
  • OUTLOOK.EXE -> chrome.exe, started
  • OUTLOOK.EXE -> ai.exe, started
  • chrome.exe -> 192.168.2.16 (ports 137, 138, 443), unknown, unknown
  • chrome.exe -> 192.168.2.4, unknown, unknown
  • chrome.exe -> 239.255.255.250, unknown, Reserved
  • chrome.exe -> chrome.exe, started
  • chrome.exe -> chrome.exe, started
  • chrome.exe -> www.google.com (142.250.185.100, port 443, local port 49721), GOOGLEUS, United States
  • chrome.exe -> 172.217.16.132 (port 443, local port 49724), GOOGLEUS, United States

No Antivirus matches
Domain: www.google.com; IP: 142.250.185.100; Active: true; Malicious: false; Antivirus Detection: none; Reputation: unknown
URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/20CO8UYI/.html; Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IP | Domain | Country | ASN | ASN Name | Malicious
    142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    172.217.16.132 | unknown | United States | 15169 | GOOGLEUS | false
    IP
    192.168.2.16
    192.168.2.4
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1501431
    Start date and time:2024-08-29 22:22:21 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 11s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of new started processes analysed:25
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:52e69dd2-1038-4cc3-9a28-bd4e33724309.eml
    Detection:CLEAN
    Classification:clean3.winEML@25/25@4/5
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .eml
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.32.97, 93.184.221.240, 52.113.194.132, 52.109.28.47, 2.19.126.160, 2.19.126.151, 52.109.28.48, 51.116.246.104, 142.250.186.163, 142.250.186.142, 66.102.1.84, 34.104.35.123, 51.104.15.252, 40.79.167.8, 13.89.179.13, 142.250.185.227, 20.189.173.15, 172.217.18.14
    • Excluded domains from analysis (whitelisted): osiprod-uks-bronze-azsc-000.uksouth.cloudapp.azure.com, omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, onedscolprdgwc00.germanywestcentral.cloudapp.azure.com, roaming.officeapps.live.com, clients2.google.com, onedscolprdcus21.centralus.cloudapp.azure.com, login.live.com, update.googleapis.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, onedscolprdwus14.westus.cloudapp.azure.com, a1864.dscd.akamai.net, clients1.google.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, accounts.google.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdaue02.australiaeast.cloudapp.azure.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.
    • Not all processes were analyzed, report is missing behavior information
    • Report size getting too big, too many NtCreateFile calls found.
    • Report size getting too big, too many NtQueryAttributesFile calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Report size getting too big, too many NtSetValueKey calls found.
    • VT rate limit hit for: 52e69dd2-1038-4cc3-9a28-bd4e33724309.eml
    No simulations
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    239.255.255.250 | https://autode.sk/4g6XSl8&c=E,1,I0OgoTIAL6zcaU4kgbWKwMGE3oDCv6iOL9CcUXdPtaitrRYDaY2yqyg5z3Y_ue3psEsBTb_33PlDmEStP6z69HizNf2ISciGwmDuh9q-ApyQjjb2ectuilD2Rn0,&typo=1 | malicious | Unknown |
    239.255.255.250 | https://hardbin.com/ipfs/QmQMgsXNvcBrxtTiqDiXNirvtg2aFSGT7XRoUxFk5vCFUg | malicious | Unknown |
    239.255.255.250 | nhom89337074245633707424563.pdf | malicious | Unknown |
    239.255.255.250 | file.exe | malicious | Unknown |
    239.255.255.250 | Stacey Opted PYMT Tokyo electron limited.docx | malicious | EvilProxy, HTMLPhisher |
    239.255.255.250 | https://hkwyolaw.ency.cloud/ | malicious | HTMLPhisher |
    239.255.255.250 | https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A | malicious | Unknown |
    239.255.255.250 | https://www.estampariaimagemeacao.com.br/js/images/tvavx.php?7-797967704b5369323074665079536e4f53696c4e536374495330724e4c4d38764c386f734d6741436f367a554c434d6a45304e446f2f4c537a4879396773543031474b396c4e51796651413d-cGllcnBvbnRAdW1jdS5vcmcN&c=E,1,wbWD82FzAB2JeezUv_orUrFt9Y6xAwP1SFd-LxGbn5lFQUR-ICnh2bVD8KxUbI-o1WHs4m_jH3oIrcrCtckuIPjOPE2z7IJMic3gcfP66riD2fyrofyEXyw,&typo=1 | malicious | HTMLPhisher |
    239.255.255.250 | http://my.manychat.com/ | malicious | Unknown |
    239.255.255.250 | https://cvccworks-my.sharepoint.com/:o:/g/personal/tbrosseau_cvccworks_edu/Eq-UyPVcAplCp0EtULhG-vgBSBG-0YnvqRHIOFaj8gAVeA?e=0GtZle&c=E,1,DChFGbEapD80-9FdFFEzIgnps7b6noVGZQKGJYQxe5NZ1bO4xoHQSXTZoDZYFQom26YXPkpXr4g-Zcy6HwaX1DHyE-5Bk2WBwo9od82Z27DPdBWYzulyG2zvnA,,&typo=1 | malicious | HTMLPhisher |
                        No context
                        No context
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        28a2c9bd18a11de089ef85a160da29e4 | https://autode.sk/4g6XSl8&c=E,1,I0OgoTIAL6zcaU4kgbWKwMGE3oDCv6iOL9CcUXdPtaitrRYDaY2yqyg5z3Y_ue3psEsBTb_33PlDmEStP6z69HizNf2ISciGwmDuh9q-ApyQjjb2ectuilD2Rn0,&typo=1 | malicious | Unknown | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | https://hardbin.com/ipfs/QmQMgsXNvcBrxtTiqDiXNirvtg2aFSGT7XRoUxFk5vCFUg | malicious | Unknown | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | nhom89337074245633707424563.pdf | malicious | Unknown | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | Unknown | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | https://hkwyolaw.ency.cloud/ | malicious | HTMLPhisher | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A | malicious | Unknown | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | https://www.estampariaimagemeacao.com.br/js/images/tvavx.php?7-797967704b5369323074665079536e4f53696c4e536374495330724e4c4d38764c386f734d6741436f367a554c434d6a45304e446f2f4c537a4879396773543031474b396c4e51796651413d-cGllcnBvbnRAdW1jdS5vcmcN&c=E,1,wbWD82FzAB2JeezUv_orUrFt9Y6xAwP1SFd-LxGbn5lFQUR-ICnh2bVD8KxUbI-o1WHs4m_jH3oIrcrCtckuIPjOPE2z7IJMic3gcfP66riD2fyrofyEXyw,&typo=1 | malicious | HTMLPhisher | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | http://my.manychat.com/ | malicious | Unknown | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | Unknown | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        28a2c9bd18a11de089ef85a160da29e4 | http://idtyvfyfmst.weebly.com | malicious | HTMLPhisher | 184.28.90.27, 20.190.160.20, 51.104.136.2, 20.12.23.50
                        No context
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):231348
                        Entropy (8bit):4.396262924119448
                        Encrypted:false
                        SSDEEP:1536:vLYL+pgscvohzvT1xgsZCNcAz79ysQqt2NaNclqoQ5xrcm0FvpciygnHXTb5r8u/:E4gWjTg/miGu2nqoQ7rt0FvUIPyqNAc
                        MD5:053E2BA9BC9B63F683DB9B1B3D54FE29
                        SHA1:4CAECA416603E0B28BA41E73645794C24D8837F7
                        SHA-256:FF4693AB5600268E7995A62CA857BA693E7023CEE284B7F8E4FA018CD4898020
                        SHA-512:681118B09737372F3254BDC4ABB60EAF65C03BAD33DAF77C0C0E0D80383E7DA704EC8DE438D9D40C0F44FF8830876878E99640A0EF1A47F9536C957E043330D9
                        Malicious:false
                        Reputation:low
                        Preview:TH02...... .@../Q.......SM01X...,...`../Q...........IPM.Activity...........h...............h............H..h........R..,...h...........H..h\cal ...pDat...hp...0.........h..E...........h........_`Rk...hv..E@...I.lw...h....H...8.Wk...0....T...............d.........2h...............k..............!h.............. ho.?...........#h....8.........$h.......8....."hp.......p.....'h..............1h..E<.........0h....4....Wk../h....h.....WkH..h.L..p.........-h .......,.....+h...E........................ ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:ASCII text, with very long lines (65536), with no line terminators
                        Category:dropped
                        Size (bytes):322260
                        Entropy (8bit):4.000299760592446
                        Encrypted:false
                        SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                        MD5:CC90D669144261B198DEAD45AA266572
                        SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                        SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                        SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                        Malicious:false
                        Reputation:high, very likely benign file
                        Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):10
                        Entropy (8bit):2.6464393446710157
                        Encrypted:false
                        SSDEEP:3:LBcbcs:t0v
                        MD5:57212EF644619184FF215E2FEED8E9D7
                        SHA1:7EF50EA45D0423018C2B8BC5E2FF4C90FE6DCB4C
                        SHA-256:0B983456AEDB542B692BCA3EAB0C52AE07715F7AAF9CC7D481EC736DFDD03ED2
                        SHA-512:2997CC51007167D926DC4184630CA1201494F7153D745CE0F9A484869B6C53BFF37F8A03BFD5CA4AB5E1E3FD0F4941B0BA9229C9B7E6826E9559F849843F3691
                        Malicious:false
                        Reputation:low
                        Preview:1724962998
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):176428
                        Entropy (8bit):5.287397724335617
                        Encrypted:false
                        SSDEEP:1536:Di2XfRAqcbH41gwEiLe7HW8bM/o/NMYcAZl1p5ihs7EXX2EAD2Odad:W4e7HW8bM/o/wXzku
                        MD5:E95EF247C4C76664329E917A81FBF78C
                        SHA1:B1EC7A457DD9F76A4942927AA0BDD60421876532
                        SHA-256:4BA46073B50A80D0ECF3134958FE42405D61377911E0691FA6C855AEB8F82EEE
                        SHA-512:C184C2ECD45EBEE5D8B52DC038137226C8462BBE2A38CD6D6FE2C96E57A8DF6C9F945404C57E9924CD09FF7C19C0DA3B4E5B8A5C0985C4365DCA951C63B33B54
                        Malicious:false
                        Reputation:low
                        Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-29T20:23:16">.. Build: 16.0.18014.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                        Category:dropped
                        Size (bytes):4096
                        Entropy (8bit):0.09216609452072291
                        Encrypted:false
                        SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                        MD5:F138A66469C10D5761C6CBB36F2163C3
                        SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                        SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                        SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                        Malicious:false
                        Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):4616
                        Entropy (8bit):0.13619563930970963
                        Encrypted:false
                        SSDEEP:3:7FEG2l+4Ftsll/FllkpMRgSWbNFl/sl+ltlslVlllfll4Fn:7+/l3FiBg9bNFlEs1EP/Yn
                        MD5:16545DA08A035A7F4644EB0E62612541
                        SHA1:DF4EA29736046E0006B022AE043C9FF5D4AB13A7
                        SHA-256:35BDB600AE3C564C8E0B064BD7C063557B39CFC35A04783F765633B0422012CD
                        SHA-512:C6C2ACAE57BE915109C42E1E09B1D9612CE90D06A938A8B5A187E4EB9B821FCAF24FDC72EA371EB7284F1D4AB83C0EF50C87AF5943CEC305A82B59490078A4EA
                        Malicious:false
                        Preview:.... .c......lF ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):32768
                        Entropy (8bit):0.04482848510499482
                        Encrypted:false
                        SSDEEP:3:G4l2fD0xtsl2fD0xtel8lL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2IMl2I+l0L9XXPH4l942U
                        MD5:4DA482B4A5D9A4279F95F73965A26273
                        SHA1:1DDF40580946BB2559C640D8210818E6653340F7
                        SHA-256:687825760B45B850F4BCEAC62326086CE9EB88349B5D7DC2E2C2C076E7B26287
                        SHA-512:F3D0A3DB67B034E496577A86409619BC5A3D5A9B206E3644C64C3345DADF9DA9DEA2B17B3CC5FECA31DACF65AE805FA14DDA0F47A316F2FDF2BF4394FB7BAFE6
                        Malicious:false
                        Preview:..-.....................f.Q.+.z.h..Th.......WOc...-.....................f.Q.+.z.h..Th.......WOc.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:SQLite Write-Ahead Log, version 3007000
                        Category:dropped
                        Size (bytes):45352
                        Entropy (8bit):0.39453178716546183
                        Encrypted:false
                        SSDEEP:24:KAEgQ3zRDNYs8Ull7DBtDi4kZERDHTzqt8VtbDBtDi4kZERDz:NEgQ1SFUll7DYMPzO8VFDYM
                        MD5:CAB54A90A98416F5E0650C2C6C21944F
                        SHA1:32F3669CF97F9B8C0CDBF224DBFDCD293BFF3E56
                        SHA-256:5522DC108412BE4C450D18EEEEB9A90E701628A0E8C8848B1D4F2D572FE2CE64
                        SHA-512:DFB350DDF45B15AE6BE7D1598B11BA7358D6C7D4925FE5A0BB6B8CD0BD23D2D3D5F1E1C6135408903E4EE0779E1164982F100026E27321AB3571B3E5A09BBA87
                        Malicious:false
                        Preview:7....-..........h..Th...).{.l'.........h..Th........}..SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):2278
                        Entropy (8bit):3.8360604405156
                        Encrypted:false
                        SSDEEP:48:uiTrlKxsxxGuJxl9Il8u04pSlys+KBZZJUxiIgOIytw7YMXDd1rc:vp9YLOyHziI+ytrMU
                        MD5:A9859CEC90E9A29B90C2CA380A05F997
                        SHA1:40C7D37AB37EDCEB269B5DDFFCFA47387C56B48F
                        SHA-256:15BE345C27D27ADD8EC5A8AE51DEDFE269EAFE93CBDBD9F58DAA376086616870
                        SHA-512:93F5ADF2DB82D16A2C01D11A223AE96E0F68F29EE69D179B423C6808419C5BD356C387F97596D200EE0A719F054E33BF70A9178767563E1A055E3CF75DC8F91F
                        Malicious:false
                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.L.p.I.q.V.n.6.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.w.A.G.s.h.g.
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):4542
                        Entropy (8bit):4.005819623436629
                        Encrypted:false
                        SSDEEP:96:kuYLaDxJclKu30ZMSh8OyiAQp8Blvd/dZ9hS9Kb:TJxv1uSTyqyBlvln1b
                        MD5:5113BEA84108CA0F6A42F392D28A634A
                        SHA1:13500F5AB0703CE08CBFED7A25CAA7445276C786
                        SHA-256:D6FE99362D3CB5741A30DCD59E188ECA01E75B3DFCF3E678418B8000EB78D544
                        SHA-512:48C6B7E9A315CDC407A419F4BDB9B49DDB075F4D2915667F5D5CB18CC8B94646D53A2E1DE5068602521592BB0A6E00185E977ECC8E8A2F4590C645A4B5E35D26
                        Malicious:false
                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".o.A.E.x.j.1.H.6.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.w.A.G.s.h.g.
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:ASCII text, with CRLF line terminators
                        Category:modified
                        Size (bytes):26
                        Entropy (8bit):3.95006375643621
                        Encrypted:false
                        SSDEEP:3:gAWY3n:qY3n
                        MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                        SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                        SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                        SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                        Malicious:false
                        Preview:[ZoneTransfer]..ZoneId=3..
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):26
                        Entropy (8bit):3.95006375643621
                        Encrypted:false
                        SSDEEP:3:gAWY3n:qY3n
                        MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                        SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                        SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                        SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                        Malicious:false
                        Preview:[ZoneTransfer]..ZoneId=3..
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):3952
                        Entropy (8bit):3.1426571681695963
                        Encrypted:false
                        SSDEEP:24:vcEjkqnZ7GFNw3Vfr2n2DFvzWKavLyhlsrk/h9mNC+1BbSZTAnDelQo1M5QnUFby:0scFNopoGCLyhkC6tHnDxDcm8p
                        MD5:D89CD0985CE9FB49C3B12EA9F68E142C
                        SHA1:BF12CA86AD1DFE140094EB1C49A87B5D80F85CC0
                        SHA-256:F1759481E3D31BF890669E47D304E9D6E7546402A0E4577800740130F6A4F85A
                        SHA-512:51D2DC5BAC6156BE217C51EB30C50AF820C9D14641B034344ECD75CDD3958AAF09F9FA5152468AC122430B156543E80493DA99995262F1BFDB0234359C82954C
                        Malicious:false
                        Preview:...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...$...........................................................................................................................................................................................................................................................................................................................$..$.If....:V.......t.....6......4........4........a.........d....*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4........a..
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):20971520
                        Entropy (8bit):0.006149432983310596
                        Encrypted:false
                        SSDEEP:192:i/0W/8KTHnlLuXhrR814HWHT6Hw3ujDIomnsB06VE3VoB:e0KzTHlL0F81uSTew+jDILnf6a3WB
                        MD5:7353C2B997274B22521F260277C21B38
                        SHA1:1D07D190F57A3CC0B7A29735F5E6108C741F6A2D
                        SHA-256:2E6E6BEFF928100FF080862B1B073BB0EB0E3178A9010FA1E0D6E6601AB23C06
                        SHA-512:B31443F024CE51EE4A271C665307E4BD6273F64120A5D73473784DFA6B51F540306C57CFFFF247F0847F1D16274ED5ABEE01AC2975BBEF52D028BAAC3B02818B
                        Malicious:false
                        Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..08/29/2024 20:22:53.240.OUTLOOK (0x1700).0xDD4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"Time":"2024-08-29T20:22:53.240Z","Contract":"Office.System.Activity","Activity.CV":"GeQyIYxWnUy3dKl/Cjt2YQ.10.1","Activity.Duration":148,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...08/29/2024 20:22:53.240.OUTLOOK (0x1700).0xDD4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":23,"Time":"2024-08-29T20:22:53.240Z","Contract":"Office.System.Activity","Activity.CV":"GeQyIYxWnUy3dKl/Cjt2YQ.10","Activity.Duration":459,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.Fai
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):20971520
                        Entropy (8bit):0.0
                        Encrypted:false
                        SSDEEP:3::
                        MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                        SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                        SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                        SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                        Malicious:false
                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, userbration: offset 0.000000, slope 134217728.000000
                        Category:dropped
                        Size (bytes):192512
                        Entropy (8bit):4.8109835171454485
                        Encrypted:false
                        SSDEEP:1536:r4F39XMAjG2oA2BaeVIXb9SgNSDT8OMACOS2WuCeEJxbJvXan:r4F3hMA+2DYDwNpXan
                        MD5:B6B3E0F8E3481A332A53B2BDDE410463
                        SHA1:C2FE1630476062D888EB2F8B6E2D4DAE261D205D
                        SHA-256:395E43A3A0FAA0BA175093259194C59EACE6C4218C78FB5002BC33A5420C0958
                        SHA-512:FFF29DFC27B7D613C813C05C26B6FE7691E52953BA90FC983884628A793B4251CEBF9323F3DEC53C56BA28EE8475D9DE4E6993A39D3D5EB9FD62D926AA88F87A
                        Malicious:false
                        Preview:............................................................................`...l..........9Q...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................r.;.Y.............9Q...........v.2._.O.U.T.L.O.O.K.:.1.7.0.0.:.d.4.1.5.7.c.8.e.1.8.8.1.4.5.6.7.8.e.2.6.6.8.b.1.0.3.d.b.4.3.4.0...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.2.9.T.1.6.2.2.5.2.0.9.9.8.-.5.8.8.8...e.t.l.......P.P.l..........9Q...........................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):30
                        Entropy (8bit):1.2389205950315936
                        Encrypted:false
                        SSDEEP:3:K1Z:K
                        MD5:4F736005B6CED26F21CF10B590913C7F
                        SHA1:87EA75DEF38813A1CC1D1C514FAE224026070E6E
                        SHA-256:7EA5AD222CB0AD0A02FE4D7B0B794F10788CA54B337A879318D724ADE738A4DF
                        SHA-512:FF8801C6EAA077D25F533FCF316065F960E916AB5AED66C2E2B75BBF756C4AAD718866829C674C4240EB7CC84DFC77A9EB2FFEEF592953BF3CF5DD9741427943
                        Malicious:false
                        Preview:....}(........................
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 19:23:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2673
                        Entropy (8bit):3.990745192896675
                        Encrypted:false
                        SSDEEP:48:8adOTqGKH5ZidAKZdA1FehwiZUklqehly+3:8T/qqy
                        MD5:4E9B48A8AD1341DD5D49AD03A2F5B52B
                        SHA1:E3A04DD5E20FD38C8E0D2D10FDDDD1D54E678CBB
                        SHA-256:807B2ECC68BA42442DC2E589E45F6720FCAB0CBC0C945098EDAD5C30E8D43A31
                        SHA-512:E4F5EB122756E9F39FB23B4FC741F82D92D4F5BDABAAD743C202CF2F94B5D0B6D834FAFBC19160BB7591589AC2A91ADAC7E5D8BDDF438399853BBC1D95B1DBA0
                        Malicious:false
                        Preview:L..................F.@.. ...$+.,......LQ...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+.?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 19:23:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2675
                        Entropy (8bit):4.007092337152222
                        Encrypted:false
                        SSDEEP:48:8qdOTqGKH5ZidAKZdA1seh/iZUkAQkqehay+2:8j/E9Qny
                        MD5:806A917BBB74C4A96CD9088258C6406A
                        SHA1:4B671D549067ACF09CC2328E0679E07309E82B6A
                        SHA-256:61429EB564F92AFBF2C78617DC0509A7590B771295F2EFE3164E6FA5042D83C7
                        SHA-512:ABB784EAB68C6FA607059B9E36922FEE509934064ADF5D16C6D787E5B22DC017D2AA7CE7066EC02E3AA8707FB749242C257C88002771332E3FF85EDC32DBA4EB
                        Malicious:false
                        Preview:L..................F.@.. ...$+.,......LQ...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+.?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2689
                        Entropy (8bit):4.0123139719857965
                        Encrypted:false
                        SSDEEP:48:8udOTqGAH5ZidAKZdA14meh7sFiZUkmgqeh7sMy+BX:8//inmy
                        MD5:DDE0339F093573BE9ADE20AE03CFDDAC
                        SHA1:2DA57519D71279724B1BE396C283A77A20221E22
                        SHA-256:21587BD5AB7C19182CAD6E474141A3526E0BA02B5E8A3E92C6A496A4F93F1B28
                        SHA-512:0247149DBA42E7D8D930356AE086A721230AE51EB5DEF75057D7E439F3AD4A015A6A586B345C0CAD3FD77597CFE3A1A4A5B8F751608924C5CE43B8B6E7B5692C
                        Malicious:false
                        Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+.?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 19:23:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2677
                        Entropy (8bit):4.004878444643731
                        Encrypted:false
                        SSDEEP:48:8GdOTqGKH5ZidAKZdA1TehDiZUkwqehey+R:83/fky
                        MD5:25B32A4C25607FA8E1A5B26CA46FD6C1
                        SHA1:ACA803CB97D47E40BD91C585C906849ACF6D6119
                        SHA-256:1A76A841A67D70FB4C8B92A30C03A8A956C747290815B850A508E5FF4D600CCC
                        SHA-512:E62F353AE0929450ED1E117EAA5AB799D4F91BF507DF9249C9748376457008A8C4565E09EF4FBD4D4BDCA3A0AFA53D91AB32E6282D77D929D2110343FE4F5EAD
                        Malicious:false
                        Preview:L..................F.@.. ...$+.,.......LQ...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+.?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 19:23:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2677
                        Entropy (8bit):3.993335636142665
                        Encrypted:false
                        SSDEEP:48:8sdOTqGKH5ZidAKZdA1dehBiZUk1W1qehoy+C:8N//9Iy
                        MD5:EDD2F1E9972970B967383B18C4789637
                        SHA1:1B7B2E13D6896D3727479F523BBA2E92E82BC853
                        SHA-256:36B8E00F8C44CBD20AB8CD4A10EF3C0D267D801B85B16DF8056C25C535900E16
                        SHA-512:334A14EF9C06F42A506DCFD1182A561FC657B232C1818235A7BFBE86F480103DC72891E63B9CA678A05B6BA0474641DF6AC85E6AE00EDCD3FBE6DAC16EE8812A
                        Malicious:false
                        Preview:L..................F.@.. ...$+.,.....p.LQ...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+.?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 19:23:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2679
                        Entropy (8bit):4.001897168945366
                        Encrypted:false
                        SSDEEP:48:8D2dOTqGKH5ZidAKZdA1duTeehOuTbbiZUk5OjqehOuTbmy+yT+:8Dn/DTfTbxWOvTbmy7T
                        MD5:923C48AA8AF5946400CAC24BE5376CF8
                        SHA1:293A8322F4AFE32FECE85F4B1139A0756F019F25
                        SHA-256:5A09039327D07063A222F478E6D9C5C345C4B99047356661EF3B3105119CD2C6
                        SHA-512:48D91DE1419DEE6E93E9DE9BC78F41349CF6B8348250D207C94498271B75DF997E9B028F9EF830A1E52B9D7260B422A6EC894A80AE381B7545C93976412ABD71
                        Malicious:false
                        Preview:L..................F.@.. ...$+.,.....o.LQ...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+.?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:Microsoft Outlook email folder (>=2003)
                        Category:dropped
                        Size (bytes):271360
                        Entropy (8bit):2.8119643215089756
                        Encrypted:false
                        SSDEEP:1536:TTPjxBKxn0508CnfMVeFnl5vvStHtzcGAFxCYUt3kDfcjEpEy10BAwrCrJW53jEp:/PWEzcVb1pfBpjiw8pj
                        MD5:C90F76C4D9FD5A45284DD7ECF8AFCCF3
                        SHA1:0D72D3013D2DDF87FFD8B6B09181719256797B88
                        SHA-256:F5A1AD93547E0EB18715A829F299A09E87B218B095319050964CE9272D918446
                        SHA-512:512E4B410791D1A92B9CA0E76CAD0600A612B32CBF77B8FC78ACB514ED4E7F77781BEE9271956D7F2C032410726FF935EF4870866FFEABD1993D7E032F913E98
                        Malicious:false
                        Preview:!BDN..}.SM......\.......................Z................@...........@...@...................................@...........................................................................$.......D...............................x...............................................................................................................................................................................................................................................................................................................Uu.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):131072
                        Entropy (8bit):2.9553379554759878
                        Encrypted:false
                        SSDEEP:1536:MW53jEpEHPVQ10BAwr1w53TXYdZRsUTL050It3cd7yW53jEpEHPVQ10BAwr:OpjMsAapj
                        MD5:6EFEAEF524700265BDB96F6FAC3E70E9
                        SHA1:A27DC560B6FDE4AB7484701C76720895F9F39679
                        SHA-256:C9119A7BD854DDB04468D665509AD9C46D301A21E048DDD406F82F5E00BACD4D
                        SHA-512:44F243929A8EF6EA8195B844775F7685A34760A1164393B4EF3419480CC87B4B18E0138873F03685D9C82F4E3C9EAB7ADF7C938B5D41BE5FACEF26CBAE18D552
                        Malicious:false
                        Preview:...C.................9Q.....................#.!BDN..}.SM......\.......................Z................@...........@...@...................................@...........................................................................$.......D...............................x...............................................................................................................................................................................................................................................................................................................Uu...9Q........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................
                        File type:RFC 822 mail, ASCII text, with CRLF line terminators
                        Entropy (8bit):5.949923509672728
                        TrID:
                        • E-Mail message (Var. 5) (54515/1) 100.00%
                        File name:52e69dd2-1038-4cc3-9a28-bd4e33724309.eml
                        File size:23'141 bytes
                        MD5:b3e60c264ee4c75b4c57331cc73b6c11
                        SHA1:6dd959e25ec399909bc82d957a1741e56b8f9676
                        SHA256:36c19f3f6fa525b9c38297399a5ae77638088460e84ceb36658783cd0a496143
                        SHA512:44dae2440baaef7763ea582448788cbaeaf36c4348d87f1bb8ed27bf41bb4239c3966a4e7b21ebca75e6185f4eda038eacf9c4174f3b1e05b7db2c4b641a0e2e
                        SSDEEP:384:gacIUAqR5/ONVhDCZRNNXrezI999999999injKKhrrNrb47YnG:gPIKRuaNtrKjjKKhrrNrb47YG
                        TLSH:47A2C403568B4383407ACE117B533BBA7F23785D936C4B70F560926C976AC5AB6132FA
                        File Content Preview:Received: from SA1PR06MB8472.namprd06.prod.outlook.com (2603:10b6:806:1cf::17).. by BYAPR06MB6007.namprd06.prod.outlook.com with HTTPS; Thu, 29 Aug 2024.. 09:31:00 +0000..Received: from YQZPR01CA0150.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:8c::9).. by SA
                        Subject:Due Invoices
                        From:Accoutning <bt@termitac.com.sg>
                        To:sbenjimen@imax.com
                        Cc:
                        BCC:
                        Date:Thu, 29 Aug 2024 05:30:16 -0400
                        Communications:
                        • #pfptBannernw86eaw { all: revert !important; display: block !important; visibility: visible !important; opacity: 1 !important; background-color: #fee81d !important; max-width: none !important; max-height: none !important } .pfptPrimaryButtonnw86eaw:hover, .pfptPrimaryButtonnw86eaw:focus { background-color: #e5d675 !important; } .pfptPrimaryButtonnw86eaw:active { background-color: #cdc492 !important; } Payments Reference. ZjQcmQRYFpfptBannerStart This Message Is From an Untrusted Sender You have not previously corresponded with this sender. Report Suspicious This Message Is From an Untrusted Sender You have not previously corresponded with this sender. This Message Is From an Untrusted Sender You have not previously corresponded with this sender. Report Suspicious Report Suspicious https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fus-phishalarm-ewt.proofpoint.com%2FEWT%2Fv1%2FCzU9WQTM!GCri--t-1IULgqRDQpRGugHUfbUSsnj3bUC4mSRxtClaXUk6rYOVQF0dVapZtIg_FpYop5XcfgYqQfF8hx5L4a633WeAqsL9KpVDI8uQAwH6Rl6w3u2yoJkv%24&data=05%7C02%7Csbenjimen%40imax.com%7C81a5773f2f12449c089508dcc80d319d%7C690377a2597f481ca498b51532ed1e7d%7C0%7C0%7C638605206606757615%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=xWVCPAPML6kvZB5QTe3j2whTdbn99nHwYC%2Fq0PlbQkE%3D&reserved=0 Report Suspicious ZjQcmQRYFpfptBannerEnd
                        Attachments:
                        • .html
                        Key Value
                        Received: from <ssl.SSLContext object at 0x7c4626aefdc0> (102.188.227.35.bc.googleusercontent.com [35.227.188.102]) by sgsmtp15.sgcloudhosting.com with SMTP (version=Tls12 cipher=Aes256 bits=256); Thu, 29 Aug 2024 17:29:52 +0800
                        Authentication-Results: spf=fail (sender IP is 67.231.150.198) smtp.mailfrom=termitac.com.sg; dkim=fail (signature did not verify) header.d=spamexpertfilter.sgcloudhosting.com;dmarc=none action=none header.from=termitac.com.sg;compauth=none reason=405
                        Received-SPF: Fail (protection.outlook.com: domain of termitac.com.sg does not designate 67.231.150.198 as permitted sender) receiver=protection.outlook.com; client-ip=67.231.150.198; helo=mx0d-007a8001.pphosted.com;
                        Date: Thu, 29 Aug 2024 05:30:16 -0400
                        Authentication-Results-Original: sesg01.sgcloudhosting.com; auth=pass (login) smtp.auth=sgsmtp15@spamexpertfilter.sgcloudhosting.com
                        DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=spamexpertfilter.sgcloudhosting.com; s=default; h=Subject:To:From: MIME-Version:Content-Type:Message-ID:date:reply-to:sender:cc:bcc:in-reply-to: references:content-transfer-encoding; bh=MvIAZmkAbsnH9StAP+WvtT6Q6g+EFFP6GxDTsAWL6is=; b=gXUKY1mD2sLeI4mbV0eNF9Hy3v /VHiNhimJpLApvDVcV+0wovHjkyRY99ySfGLbAyTP6iGrYY25nODo6EgbU5+y0rnqgdeY+iius/6A 32OFPKrEQ91BcAVc5XluJh7lhfM8KnO9BWo3xI/qWHT4XZ/hqmv1dZAtNHZVgloCzjBM=;
                        X-SmarterMail-Authenticated-As: bt@termitac.com.sg
                        Message-ID: <bdf84c3f0a9f44659931d8423ee8abe0@7809b9a8afcf492d842b06022b321fbb>
                        Content-Type: multipart/related; boundary="===============6743228520958512132=="
                        From: Accoutning <bt@termitac.com.sg>
                        To: sbenjimen@imax.com
                        Subject: Due Invoices
                        X-Originating-IP: 103.7.10.184
                        X-SpamExperts-Domain: spamexpertfilter.sgcloudhosting.com
                        X-SpamExperts-Username: sgsmtp15
                        X-SpamExperts-Outgoing-Class: unsure
                        X-SpamExperts-Outgoing-Evidence: Combined (0.90)
                        X-Recommended-Action: accept
                        X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9cV6AwyIQqFS6XfKSKaQA3PUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5xpjGD58QfnNnJkGkDMdPJQ3ZxuBcyOmUxBU6+ylVUSwSGU OnoG27HtwD1nWzKsYtjilbHtbFYVmmyNP/jzd7CCzPgfBgZM0FjuQW6Y55dUiQZmnW/XN+tohdLu D74c7RJlPvZRwd5GoVKxnVw2HUBSg8CBO1Snvm6qXHQp7O9kdW4XURb6ARhuU1gzjeQxGnCvcirM rI7hSGVJrov14AqR/PMbIOc80nC4/niUGh8Tcf25Cgscc2Nqd9azmDa4ZbZiw5JjPOtY6QanNQmH LTEsFEqhVt2bN9kbtY/w/v96Z80ZzaHVG6aDAfQHGejUeojGEEtfPovhjdKtGmhB6DRewSkOOve5 lOn9FzS0TDFfz987BekpxkaiZFbMyZmnki9hKzy27dJ+eI97x1+KvbnG5YE5enyccp7RH4WQio3u GQFRPUQDpR3oqH2AXACejnevcirMrI7hSGVJrov14AqRSK0R7eBBBPnXIkMgMQtV6qa5zn3o6MtK 8pf0hPbAkeCZME8HeiOTBXPmeRcbGamAcxw3qqhc+N6cuEg4XWh5Flp1pbo1ocu5uelHIOfFtowT 97z3JTzZphb20I/gkwdqsoVT3HDACMU3p+383AZ+WS7M0xUvBF0e0kNwQDW04Ohv6soFWdGLFIQa gJrDJRIFwo4f1v+sLTjHAg5x5e2Jlu0Na/DFMms7wkTHFLN/StDHdXIW3oCVmqM4DseF//SvK1Er w36W35MdVm3ym1PL6hQOj9nPwS86HDjNjGTZbcPwoI7+8/u8C0RQ4QmiddJ9UV8ShebT8U8Xw9HT DfreWYlJqvZuxbmXUehqsQ6YJ6A4XjD8YIRbIyMCDTapG1wvS4lfxpmmfCffVhjFnpBYrWN/lgJ4 Z0zPp+o7y1UpkbD1UqH31u1QBqeOcwIAfZyjNvTu2n3pJiR15/X7VnKInTDhJWoWzydYzSvR7U8w qUjKCFDsggc3JeL+rzz5uihsBJ4wgZABrDJG7ExxzKG+ADCbJuKfRG4QOzagj2x6KRKiOcGVafRv Kh/4KLN25G9D+iOkbSRSbQbOrYxN2Qisdw==
                        X-Report-Abuse-To: spam@spfilter-1.sesg01.sgcloudhosting.com
                        X-CLX-Shades: MLX
                        X-CLX-Response: 1TFkXHxoRCkx6FxoRCllEF2xITRh6bFpccHIbEQpYWBdtYwVsXXBvRn4fGBE KeE4XZUt7HWVkWhNCcngRCkNIFxsYHxEKQ1kXGRwRCkNJFxoEGhoaEQpZTRdnZnIRCl9ZFxsTHx EKX00XZ2ZyEQpZSRcbHXEbBhkedwYbGxIGGxoaQAYaBgcYGgYZGnEbEBp3BhoGBx8aBhoGGgYaB hpxGhAadwYaEQpZXhdoY3kRCklGF0NHS1JJRVhadUJFWV5PThEKSUcXeE9NEQpDThcbEmV4e01b dU9DXx4bW39QUlhvGltPZG1wfh97RhkHZhEKWFwXHwQaBBkdGQUbGgQbGxoEGxkeBBkZEBseGh8 aEQpeWRdPaE94bhEKTVwXBx4aEQpMWhdvaU1raxEKQk8XYUZFY3lze2R5Xk0RCkNaFxsaGQQdBB IEGB4TEQpCXhcbEQpCRRdnb3lpHkMdXRN4UhEKQk4XZUt7HWVkWhNCcngRCkJMF21jBWxdcG9Gf h8YEQpCbBdlAXBfWXljElt/SREKQkAXbX19S1taSBpMfFgRCkJYF256S0xNWgVeGRpjEQpNXhcb EQpaWBcYEQp5QxdlSHJaE39LZksBGxEKWUsXEh4YEQpwaBdnQE9IfmxeE3BebhAZGhEKcGsXYxg YZX5LfkJyfQUQEx0RCnBrF2RfXG5wRGdwZRxiEB4SEQpwbBdmaFoZYF9bcB9ARhAZGhEKcEMXbU sSHlNnfG5zfmgQGRoRCm1+FxsRClhNF0sRIA==
                        X-Proofpoint-GUID: 18ORQgq_eiu41qUzxrE0qeNGZT5Ql3-L
                        X-Authority-Analysis: v=2.4 cv=cbaArWDM c=1 sm=1 tr=0 ts=66d03fa8 cx=c_pps a=mumzzZgRxkYTQLKJcuPGyw==:117 a=mumzzZgRxkYTQLKJcuPGyw==:17 a=nLP2QP6c4UhoX6VlK+IQJU8aVbc=:19 a=DBwwDor5xuMA:10 a=LkmbCIK55k4A:10 a=yoJbH4e0A30A:10 a=5KLPUuaC_9wA:10 a=xFWlENlAFokA:10 a=kLNmGMx_IUS048K-xLYA:9 a=QEXdDO2ut3YA:10
                        X-Proofpoint-ORIG-GUID: 18ORQgq_eiu41qUzxrE0qeNGZT5Ql3-L
                        X-Proofpoint-Banner-Trigger: unknownsender
                        X-Proofpoint-Virus-Version:
                        X-Proofpoint-Spam-Details: rule=inbound_notspam policy=inbound score=17 malwarescore=0 mlxscore=17 lowpriorityscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 unknownsenderscore=20 spamscore=17 mlxlogscore=69 clxscore=50 priorityscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.21.0-2407110000 definitions=main-2408290070 domainage_hfrom=842
                        Return-Path: bt@termitac.com.sg
                        X-MS-Exchange-Organization-ExpirationStartTime: 29 Aug 2024 09:30:17.2272 (UTC)
                        X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
                        X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
                        X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
                        X-MS-Exchange-Organization-Network-Message-Id: 81a5773f-2f12-449c-0895-08dcc80d319d
                        X-EOPAttributedMessage: 0
                        X-EOPTenantAttributedMessage: 690377a2-597f-481c-a498-b51532ed1e7d:0
                        X-MS-Exchange-Organization-MessageDirectionality: Incoming
                        X-MS-PublicTrafficType: Email
                        X-MS-TrafficTypeDiagnostic: QB1PEPF00004E0D:EE_|SA1PR06MB8472:EE_|BYAPR06MB6007:EE_
                        X-MS-Exchange-Organization-AuthSource: QB1PEPF00004E0D.CANPRD01.PROD.OUTLOOK.COM
                        X-MS-Exchange-Organization-AuthAs: Anonymous
                        X-MS-Office365-Filtering-Correlation-Id: 81a5773f-2f12-449c-0895-08dcc80d319d
                        X-MS-Exchange-AtpMessageProperties: SA|SL
                        X-MS-Exchange-Organization-SCL: -1
                        X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|3613699012|43540500003;
                        X-Forefront-Antispam-Report: CIP:67.231.150.198;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:NSPM;H:mx0d-007a8001.pphosted.com;PTR:mx0d-007a8001.pphosted.com;CAT:NONE;SFS:(13230040)(82310400026)(3613699012)(43540500003);DIR:INB;
                        X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Aug 2024 09:30:17.1335 (UTC)
                        X-MS-Exchange-CrossTenant-Network-Message-Id: 81a5773f-2f12-449c-0895-08dcc80d319d
                        X-MS-Exchange-CrossTenant-Id: 690377a2-597f-481c-a498-b51532ed1e7d
                        X-MS-Exchange-CrossTenant-AuthSource: QB1PEPF00004E0D.CANPRD01.PROD.OUTLOOK.COM
                        X-MS-Exchange-CrossTenant-AuthAs: Anonymous
                        X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
                        X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR06MB8472
                        X-MS-Exchange-Transport-EndToEndLatency: 00:00:43.4261006
                        X-MS-Exchange-Processed-By-BccFoldering: 15.20.7875.019
                        X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                        X-Microsoft-Antispam-Message-Info:
                        MIME-Version: 1.0

Icon Hash: 46070c0a8e0c67d6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 29, 2024 22:22:53.837935925 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
Aug 29, 2024 22:22:54.145694017 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
Aug 29, 2024 22:22:54.759682894 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
Aug 29, 2024 22:22:55.964670897 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
Aug 29, 2024 22:22:56.462904930 CEST | 49689 | 80 | 192.168.2.16 | 192.229.211.108
Aug 29, 2024 22:22:58.364685059 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
Aug 29, 2024 22:23:00.014847994 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.014899969 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.014986038 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.016727924 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.016741037 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.689152002 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.689239979 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.694797039 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.694808960 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.695110083 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.735677958 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.735922098 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.776492119 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.964272976 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.964324951 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.964382887 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.964468956 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.964493036 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:00.964507103 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:00.964512110 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.004045963 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.004081011 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.004159927 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.004424095 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.004436016 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.640634060 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.640723944 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.645812988 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.645829916 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.646063089 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.649631977 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.692507982 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.970279932 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.970355988 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.970520973 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.971239090 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.971260071 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:01.971270084 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27
Aug 29, 2024 22:23:01.971275091 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16
Aug 29, 2024 22:23:02.003000021 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
Aug 29, 2024 22:23:02.317827940 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
Aug 29, 2024 22:23:02.885552883 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:02.885586023 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:02.885680914 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:02.886456013 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:02.886467934 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:02.919691086 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
Aug 29, 2024 22:23:03.111480951 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.111517906 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.111589909 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.112556934 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.112566948 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.169851065 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
Aug 29, 2024 22:23:03.680193901 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:03.680402994 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:03.682815075 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:03.682825089 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:03.683077097 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:03.717807055 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:03.717865944 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:03.717948914 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:03.727849007 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.727933884 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.729300976 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.729307890 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.729511023 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.780410051 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.824500084 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.982202053 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.982222080 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.982228994 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.982239962 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.982269049 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.982323885 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.982342958 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.982372999 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.982402086 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.983293056 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.983360052 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:03.983361959 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:03.983412027 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:04.029138088 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:04.029153109 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:04.029165030 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:04.029170036 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:04.077199936 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:04.077224970 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:04.077322006 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:04.078197002 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:04.078207970 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:04.130835056 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
Aug 29, 2024 22:23:04.873961926 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:04.874037027 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:04.910721064 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:04.910738945 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:04.910943985 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:04.912058115 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:04.912113905 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:04.912133932 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.274224997 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.274250031 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.274288893 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.274333000 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.274353981 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.274391890 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.274650097 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.274846077 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.274846077 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.274862051 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.274892092 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.274897099 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.367827892 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.367850065 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.367953062 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.368145943 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.368156910 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.400517941 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.400543928 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:05.400765896 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.400959015 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:05.400968075 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.165770054 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.166940928 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.166940928 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.166970015 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.166982889 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.166989088 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.166999102 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.218887091 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.221158981 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.225883007 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.225893974 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.226080894 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.226490021 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.226490021 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.226517916 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.472829103 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.472847939 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.472892046 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.472929955 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.472946882 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.472964048 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.473129034 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.473381042 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.473400116 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.473408937 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.473413944 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.473817110 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
Aug 29, 2024 22:23:06.521769047 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:06.521806002 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:06.521907091 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:06.522094011 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:06.522108078 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:06.535707951 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
Aug 29, 2024 22:23:06.539113998 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.539132118 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.539159060 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.539189100 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.539197922 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.539233923 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.539509058 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.539521933 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.539530039 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:06.539534092 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:06.786781073 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
Aug 29, 2024 22:23:07.289259911 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:07.289355040 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:07.290486097 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:07.290496111 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:07.290707111 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:07.291801929 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:07.291836023 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:07.291906118 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:07.343620062 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:07.343655109 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:07.343744040 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:07.343935013 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:07.343954086 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:07.387708902 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
Aug 29, 2024 22:23:08.102123976 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.102226019 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.103415966 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.103426933 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.103629112 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.104708910 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.104747057 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.104805946 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.160223007 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.160268068 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.161230087 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.161461115 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.161474943 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.598742008 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
Aug 29, 2024 22:23:08.919286966 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.919367075 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.920476913 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.920490980 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.920686007 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.921725035 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.921762943 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.921818972 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.973316908 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.973342896 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:08.973433971 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.973625898 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:08.973638058 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:09.775644064 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:09.775724888 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:09.776978016 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:09.776988029 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:09.777193069 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:09.778223991 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:09.778263092 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:09.778321028 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:10.014442921 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:10.014478922 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:10.014584064 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:10.014843941 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:10.014857054 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:10.774523973 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:10.774605989 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:10.775871992 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:10.775883913 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:10.776086092 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:10.777267933 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:10.777304888 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16
Aug 29, 2024 22:23:10.777360916 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2
Aug 29, 2024 22:23:11.004781961 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
Aug 29, 2024 22:23:11.335716009 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
Aug 29, 2024 22:23:12.770742893 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
Aug 29, 2024 22:23:15.806797981 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
Aug 29, 2024 22:23:17.527848005 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:17.527903080 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:17.527986050 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:17.528366089 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:17.528378010 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.317003012 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.317080975 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.319103956 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.319116116 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.319361925 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.319921017 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.319921017 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.319951057 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.636647940 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.636667013 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.636697054 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.636739016 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.636753082 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.636768103 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.636785984 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.636835098 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.637228966 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.637228966 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20
Aug 29, 2024 22:23:18.637243986 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:18.637250900 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16
Aug 29, 2024 22:23:20.948744059 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
Aug 29, 2024 22:23:25.410830021 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
Aug 29, 2024 22:23:28.157552958 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:28.157602072 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:28.157681942 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:28.157996893 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:28.158011913 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:28.793468952 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:28.793751001 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:28.793771982 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:28.794621944 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:28.794688940 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:28.795757055 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:28.795815945 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:28.848759890 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:28.848768950 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:28.896764040 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:38.708329916 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:38.708395004 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:38.708458900 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:39.657336950 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100
Aug 29, 2024 22:23:39.657368898 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16
Aug 29, 2024 22:23:40.296108961 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:40.296148062 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:40.296242952 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:40.297166109 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:40.297180891 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:40.886610031 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:40.886804104 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:40.888310909 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:40.888319016 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:40.888554096 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:40.889969110 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:40.932509899 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.092298031 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.092339993 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.092355967 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.092478991 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:41.092499018 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.092581034 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:41.093156099 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.093200922 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.093225002 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.093228102 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:41.093278885 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:41.102135897 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:41.102150917 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:23:41.102160931 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50
Aug 29, 2024 22:23:41.102166891 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16
Aug 29, 2024 22:24:28.221227884 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132
Aug 29, 2024 22:24:28.221283913 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Aug 29, 2024 22:24:28.221402884 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132
Aug 29, 2024 22:24:28.221632957 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132
Aug 29, 2024 22:24:28.221647024 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Aug 29, 2024 22:24:28.850538015 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Aug 29, 2024 22:24:28.850991011 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132
Aug 29, 2024 22:24:28.851012945 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Aug 29, 2024 22:24:28.851352930 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Aug 29, 2024 22:24:28.851758003 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132
Aug 29, 2024 22:24:28.851816893 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Aug 29, 2024 22:24:28.897922039 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132
Aug 29, 2024 22:24:38.944309950 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Aug 29, 2024 22:24:38.944376945 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Aug 29, 2024 22:24:38.944578886 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132
Aug 29, 2024 22:24:39.663186073 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132
Aug 29, 2024 22:24:39.663216114 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 29, 2024 22:23:23.321640015 CEST | 53 | 50029 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:23:23.461574078 CEST | 53 | 64438 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:23:24.425908089 CEST | 53 | 59289 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:23:28.149847031 CEST | 50736 | 53 | 192.168.2.16 | 1.1.1.1
Aug 29, 2024 22:23:28.149990082 CEST | 60595 | 53 | 192.168.2.16 | 1.1.1.1
Aug 29, 2024 22:23:28.156593084 CEST | 53 | 50736 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:23:28.156743050 CEST | 53 | 60595 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:23:41.434932947 CEST | 53 | 56966 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:23:58.162542105 CEST | 138 | 138 | 192.168.2.16 | 192.168.2.255
Aug 29, 2024 22:24:00.997261047 CEST | 53 | 61723 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:24:21.681196928 CEST | 137 | 137 | 192.168.2.16 | 192.168.2.255
Aug 29, 2024 22:24:22.438018084 CEST | 137 | 137 | 192.168.2.16 | 192.168.2.255
Aug 29, 2024 22:24:23.200004101 CEST | 137 | 137 | 192.168.2.16 | 192.168.2.255
Aug 29, 2024 22:24:23.323210955 CEST | 53 | 55883 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:24:23.351691961 CEST | 53 | 56515 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:24:28.212655067 CEST | 56137 | 53 | 192.168.2.16 | 1.1.1.1
Aug 29, 2024 22:24:28.212811947 CEST | 55163 | 53 | 192.168.2.16 | 1.1.1.1
Aug 29, 2024 22:24:28.220208883 CEST | 53 | 56137 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:24:28.220227003 CEST | 53 | 55163 | 1.1.1.1 | 192.168.2.16
Aug 29, 2024 22:24:51.310882092 CEST | 53 | 56970 | 1.1.1.1 | 192.168.2.16
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Aug 29, 2024 22:23:28.149847031 CEST | 192.168.2.16 | 1.1.1.1 | 0x4c60 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                        Aug 29, 2024 22:23:28.149990082 CEST | 192.168.2.16 | 1.1.1.1 | 0x789f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                        Aug 29, 2024 22:24:28.212655067 CEST | 192.168.2.16 | 1.1.1.1 | 0xe961 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                        Aug 29, 2024 22:24:28.212811947 CEST | 192.168.2.16 | 1.1.1.1 | 0x8fa | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Aug 29, 2024 22:23:28.156593084 CEST | 1.1.1.1 | 192.168.2.16 | 0x4c60 | No error (0) | www.google.com | | 142.250.185.100 | A (IP address) | IN (0x0001) | false
                        Aug 29, 2024 22:23:28.156743050 CEST | 1.1.1.1 | 192.168.2.16 | 0x789f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                        Aug 29, 2024 22:24:28.220208883 CEST | 1.1.1.1 | 192.168.2.16 | 0xe961 | No error (0) | www.google.com | | 172.217.16.132 | A (IP address) | IN (0x0001) | false
                        Aug 29, 2024 22:24:28.220227003 CEST | 1.1.1.1 | 192.168.2.16 | 0x8fa | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                        • fs.microsoft.com
                        • slscr.update.microsoft.com
                        • login.live.com
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.16 | 49699 | 184.28.90.27 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 20:23:00 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        Accept-Encoding: identity
                        User-Agent: Microsoft BITS/7.8
                        Host: fs.microsoft.com
                        2024-08-29 20:23:00 UTC | 467 | IN | HTTP/1.1 200 OK
                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                        Content-Type: application/octet-stream
                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                        Server: ECAcc (lpl/EF06)
                        X-CID: 11
                        X-Ms-ApiVersion: Distribute 1.2
                        X-Ms-Region: prod-weu-z1
                        Cache-Control: public, max-age=134033
                        Date: Thu, 29 Aug 2024 20:23:00 GMT
                        Connection: close
                        X-CID: 2


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.16 | 49700 | 184.28.90.27 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 20:23:01 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        Accept-Encoding: identity
                        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                        Range: bytes=0-2147483646
                        User-Agent: Microsoft BITS/7.8
                        Host: fs.microsoft.com
                        2024-08-29 20:23:01 UTC | 515 | IN | HTTP/1.1 200 OK
                        ApiVersion: Distribute 1.1
                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                        Content-Type: application/octet-stream
                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                        Server: ECAcc (lpl/EF06)
                        X-CID: 11
                        X-Ms-ApiVersion: Distribute 1.2
                        X-Ms-Region: prod-weu-z1
                        Cache-Control: public, max-age=133985
                        Date: Thu, 29 Aug 2024 20:23:01 GMT
                        Content-Length: 55
                        Connection: close
                        X-CID: 2
                        2024-08-29 20:23:01 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                        Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.16 | 49702 | 20.12.23.50 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 20:23:03 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fZGscnFdnnun8rV&MD=w+5p1Vf2 HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                        Host: slscr.update.microsoft.com
                        2024-08-29 20:23:03 UTC | 560 | IN | HTTP/1.1 200 OK
                        Cache-Control: no-cache
                        Pragma: no-cache
                        Content-Type: application/octet-stream
                        Expires: -1
                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                        MS-CorrelationId: d956be79-f0b9-48e3-9db9-6f6f4039bb20
                        MS-RequestId: 501d1c6b-673d-4cc0-a37f-d7d1a0cc96d5
                        MS-CV: Rpdnk0jfZEuGkAVg.0
                        X-Microsoft-SLSClientCache: 2880
                        Content-Disposition: attachment; filename=environment.cab
                        X-Content-Type-Options: nosniff
                        Date: Thu, 29 Aug 2024 20:23:02 GMT
                        Connection: close
                        Content-Length: 24490
                        2024-08-29 20:23:03 UTC | 15824 | IN | Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                        Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                        2024-08-29 20:23:03 UTC | 8666 | IN | Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                        Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.16 | 49703 | 20.190.160.20 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 20:23:04 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                        Connection: Keep-Alive
                        Content-Type: application/soap+xml
                        Accept: */*
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                        Content-Length: 3592
                        Host: login.live.com
                        2024-08-29 20:23:04 UTC | 3592 | OUT | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                        2024-08-29 20:23:05 UTC | 569 | IN | HTTP/1.1 200 OK
                        Cache-Control: no-store, no-cache
                        Pragma: no-cache
                        Content-Type: application/soap+xml; charset=utf-8
                        Expires: Thu, 29 Aug 2024 20:22:05 GMT
                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                        Referrer-Policy: strict-origin-when-cross-origin
                        x-ms-route-info: C538_BL2
                        x-ms-request-id: 2fba506d-4fea-46ac-90c3-ad5a6c68a1e1
                        PPServer: PPV: 30 H: BL02EPF00027B43 V: 0
                        X-Content-Type-Options: nosniff
                        Strict-Transport-Security: max-age=31536000
                        X-XSS-Protection: 1; mode=block
                        Date: Thu, 29 Aug 2024 20:23:04 GMT
                        Connection: close
                        Content-Length: 11389
                        2024-08-29 20:23:05 UTC | 11389 | IN | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.16 | 49704 | 20.190.160.20 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 20:23:06 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                        Connection: Keep-Alive
                        Content-Type: application/soap+xml
                        Accept: */*
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                        Content-Length: 4710
                        Host: login.live.com
                        2024-08-29 20:23:06 UTC | 4710 | OUT | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                        2024-08-29 20:23:06 UTC | 569 | IN | HTTP/1.1 200 OK
                        Cache-Control: no-store, no-cache
                        Pragma: no-cache
                        Content-Type: application/soap+xml; charset=utf-8
                        Expires: Thu, 29 Aug 2024 20:22:06 GMT
                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                        Referrer-Policy: strict-origin-when-cross-origin
                        x-ms-route-info: C538_SN1
                        x-ms-request-id: 567c445a-e79b-4dd9-8bf7-bec5b2b34c3e
                        PPServer: PPV: 30 H: SN1PEPF0002F94C V: 0
                        X-Content-Type-Options: nosniff
                        Strict-Transport-Security: max-age=31536000
                        X-XSS-Protection: 1; mode=block
                        Date: Thu, 29 Aug 2024 20:23:06 GMT
                        Connection: close
                        Content-Length: 10173
                        2024-08-29 20:23:06 UTC | 10173 | IN | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        5 | 192.168.2.16 | 49705 | 20.190.160.20 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 20:23:06 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                        Connection: Keep-Alive
                        Content-Type: application/soap+xml
                        Accept: */*
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                        Content-Length: 4775
                        Host: login.live.com
                        2024-08-29 20:23:06 UTC | 4775 | OUT | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                        2024-08-29 20:23:06 UTC | 569 | IN | HTTP/1.1 200 OK
                        Cache-Control: no-store, no-cache
                        Pragma: no-cache
                        Content-Type: application/soap+xml; charset=utf-8
                        Expires: Thu, 29 Aug 2024 20:22:06 GMT
                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                        Referrer-Policy: strict-origin-when-cross-origin
                        x-ms-route-info: C538_SN1
                        x-ms-request-id: 5a158921-2f4f-475b-b6f2-1a283f62fe08
                        PPServer: PPV: 30 H: SN1PEPF0002F9F8 V: 0
                        X-Content-Type-Options: nosniff
                        Strict-Transport-Security: max-age=31536000
                        X-XSS-Protection: 1; mode=block
                        Date: Thu, 29 Aug 2024 20:23:05 GMT
                        Connection: close
                        Content-Length: 11409
                        2024-08-29 20:23:06 UTC | 11409 | IN | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        6 | 192.168.2.16 | 49713 | 20.190.160.20 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 20:23:18 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                        Connection: Keep-Alive
                        Content-Type: application/soap+xml
                        Accept: */*
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                        Content-Length: 4762
                        Host: login.live.com
                        2024-08-29 20:23:18 UTC | 4762 | OUT | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                        2024-08-29 20:23:18 UTC | 569 | IN | HTTP/1.1 200 OK
                        Cache-Control: no-store, no-cache
                        Pragma: no-cache
                        Content-Type: application/soap+xml; charset=utf-8
                        Expires: Thu, 29 Aug 2024 20:22:18 GMT
                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                        Referrer-Policy: strict-origin-when-cross-origin
                        x-ms-route-info: C538_SN1
                        x-ms-request-id: a984e73a-552d-4689-9a7b-d9ec55cc0b55
                        PPServer: PPV: 30 H: SN1PEPF0002F94F V: 0
                        X-Content-Type-Options: nosniff
                        Strict-Transport-Security: max-age=31536000
                        X-XSS-Protection: 1; mode=block
                        Date: Thu, 29 Aug 2024 20:23:17 GMT
                        Connection: close
                        Content-Length: 10197
                        2024-08-29 20:23:18 UTC | 10197 | IN | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        7 | 192.168.2.16 | 49722 | 20.12.23.50 | 443 | |
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-29 20:23:40 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fZGscnFdnnun8rV&MD=w+5p1Vf2 HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                        Host: slscr.update.microsoft.com
                        2024-08-29 20:23:41 UTC | 560 | IN | HTTP/1.1 200 OK
                        Cache-Control: no-cache
                        Pragma: no-cache
                        Content-Type: application/octet-stream
                        Expires: -1
                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                        ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                        MS-CorrelationId: 11bd3bd2-e8f0-405d-85e6-1cd364c285f8
                        MS-RequestId: 5918806c-26b4-4d6a-8e42-a87c83ce9ca1
                        MS-CV: euk5JAswekalpo4+.0
                        X-Microsoft-SLSClientCache: 1440
                        Content-Disposition: attachment; filename=environment.cab
                        X-Content-Type-Options: nosniff
                        Date: Thu, 29 Aug 2024 20:23:40 GMT
                        Connection: close
                        Content-Length: 30005
                        2024-08-29 20:23:41 UTC | 15824 | IN | Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                        Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                        2024-08-29 20:23:41 UTC | 14181 | IN | Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                        Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro



                        Target ID: 0
                        Start time: 16:22:52
                        Start date: 29/08/2024
                        Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        Wow64 process (32bit): true
                        Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\52e69dd2-1038-4cc3-9a28-bd4e33724309.eml"
                        Imagebase: 0x860000
                        File size: 34'446'744 bytes
                        MD5 hash: 91A5292942864110ED734005B7E005C0
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: high
                        Has exited: false

                        Target ID: 14
                        Start time: 16:23:16
                        Start date: 29/08/2024
                        Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CCF90C33-8674-4F41-8D53-541E86A85C8C" "418CE8A4-BC4B-4A98-89AA-7B01E6DED6D1" "5888" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                        Imagebase: 0x7ff606100000
                        File size: 710'048 bytes
                        MD5 hash: EC652BEDD90E089D9406AFED89A8A8BD
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: high
                        Has exited: false

                        Target ID: 16
                        Start time: 16:23:21
                        Start date: 29/08/2024
                        Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html
                        Imagebase: 0x7ff7f9810000
                        File size: 3'242'272 bytes
                        MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: high
                        Has exited: false

                        Target ID:17
                        Start time:16:23:22
                        Start date:29/08/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,10009891405383633377,35990076892042290,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                        Imagebase:0x7ff7f9810000
                        File size:3'242'272 bytes
                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:21
                        Start time:16:24:09
                        Start date:29/08/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html
                        Imagebase:0x7ff7f9810000
                        File size:3'242'272 bytes
                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:22
                        Start time:16:24:09
                        Start date:29/08/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2024,i,13461734001401825318,9834046241119500868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                        Imagebase:0x7ff7f9810000
                        File size:3'242'272 bytes
                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:24
                        Start time:16:24:29
                        Start date:29/08/2024
                        Path:C:\Windows\System32\rundll32.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        Imagebase:0x7ff6789c0000
                        File size:71'680 bytes
                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        No disassembly