Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Potential Phish.msg

Overview

General Information

Sample name:Potential Phish.msg
Analysis ID:1521411
MD5:5f7e13b7ad5082a2ebbbe3c77421d928
SHA1:59bd9d2ecf11603790cf90e293552eae076ca457
SHA256:a2dbcbd7a2131c6c768172875f564a6aa8ec29852b4b2d7a326a99fcb74ddd76
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64
  • OUTLOOK.EXE (PID: 7412 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Potential Phish.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7800 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7E47DA79-F67B-43D1-9121-2D5D2E67A194" "8E3ED8AE-3152-46CE-B1B9-A687C01853FA" "7412" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 7928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://long-experience-225576.framer.app/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1932,i,11207979111998239953,10789510869604569881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7412, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Outlook Security Settings Updated - Registry
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RWKTB3AY\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7412, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://long-experience-225576.framer.app/SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://long-experience-225576.framer.app/HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49767 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: Joe Sandbox ViewIP Address: 13.32.27.14 13.32.27.14
Source: Joe Sandbox ViewIP Address: 35.71.142.77 35.71.142.77
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=mwwHDWk27LHF6VG&MD=1UxVM9wz HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=mwwHDWk27LHF6VG&MD=1UxVM9wz HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: long-experience-225576.framer.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff2 HTTP/1.1Host: www.framer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://long-experience-225576.framer.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://long-experience-225576.framer.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fonts/GT-Walsheim/GT-Walsheim-Medium-subset.woff2 HTTP/1.1Host: www.framer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://long-experience-225576.framer.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://long-experience-225576.framer.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff2 HTTP/1.1Host: www.framer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://long-experience-225576.framer.appsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://long-experience-225576.framer.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: long-experience-225576.framer.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://long-experience-225576.framer.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: long-experience-225576.framer.app
Source: global trafficDNS traffic detected: DNS query: www.framer.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4762Host: login.live.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAlt-Svc: h3=":443"; ma=2592000Cache-Control: public, max-age=0, must-revalidateContent-Type: text/html; charset=utf-8Date: Sat, 28 Sep 2024 07:50:10 GMTServer: Framer/875dde8Strict-Transport-Security: max-age=31536000Connection: closeTransfer-Encoding: chunked
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAlt-Svc: h3=":443"; ma=2592000Connection: closeServer: Framer/875dde8Strict-Transport-Security: max-age=31536000Date: Sat, 28 Sep 2024 07:50:13 GMTContent-Length: 0
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.aadrm.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.aadrm.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.cortana.ai
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.microsoftstream.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.office.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.onedrive.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://api.scheduler.
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://app.powerbi.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://augloop.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://augloop.office.com/v2
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://canary.designerapp.
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.entity.
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://clients.config.office.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://clients.config.office.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cortana.ai
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cortana.ai/api
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://cr.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://d.docs.live.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://dataservice.o365filtering.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://designerapp.azurewebsites.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://dev.cortana.ai
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://devnull.onenote.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://directory.services.
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ecs.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://edge.skype.com/registrar/prod
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://edge.skype.com/rps
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://graph.ppe.windows.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://graph.ppe.windows.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://graph.windows.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://graph.windows.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ic3.teams.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://invites.office.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://lifecycle.office.com
Source: chromecache_76.7.drString found in binary or memory: https://login.framer.com/sign-up/?ref=site-404&redirect=https%3A%2F%2Fframer.com%2F
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://login.microsoftonline.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://login.microsoftonline.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://login.microsoftonline.com/organizations
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://login.windows.local
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: Potential Phish.msg, ~WRS{86E996DA-7AF1-4AB4-8BFD-6811931B9214}.tmp.0.drString found in binary or memory: https://long-experience-225576.framer.app/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://make.powerautomate.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://management.azure.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://management.azure.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messaging.action.office.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messaging.engagement.office.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://messaging.office.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://mss.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ncus.contentsync.
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ncus.pagecontentsync.
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://officeapps.live.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://officepyservice.office.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://onedrive.live.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://otelrules.azureedge.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://outlook.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://outlook.office.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://outlook.office365.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://outlook.office365.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://powerlift.acompli.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://res.cdn.office.net
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://service.powerapps.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://settings.outlook.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://staging.cortana.ai
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://substrate.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://tasks.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://wus2.contentsync.
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff)
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff2
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff2)
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Medium-subset.woff)
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Medium-subset.woff2
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Medium-subset.woff2)
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff)
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff2
Source: chromecache_76.7.drString found in binary or memory: https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff2)
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drString found in binary or memory: https://www.yammer.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49767 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: classification engineClassification label: mal48.winMSG@18/31@6/5
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240928T0349170146-7412.etlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Potential Phish.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7E47DA79-F67B-43D1-9121-2D5D2E67A194" "8E3ED8AE-3152-46CE-B1B9-A687C01853FA" "7412" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://long-experience-225576.framer.app/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1932,i,11207979111998239953,10789510869604569881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7E47DA79-F67B-43D1-9121-2D5D2E67A194" "8E3ED8AE-3152-46CE-B1B9-A687C01853FA" "7412" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://long-experience-225576.framer.app/Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1932,i,11207979111998239953,10789510869604569881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
Source: Google Drive.lnk.6.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.6.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.6.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.6.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.6.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.6.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Process Injection		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		Security Account Manager13
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://long-experience-225576.framer.app/100%SlashNextCredential Stealing type: Phishing & Social Engineering
https://api.diagnosticssdf.office.com0%URL Reputationsafe
https://login.microsoftonline.com/0%URL Reputationsafe
https://shell.suite.office.com:14430%URL Reputationsafe
https://designerapp.azurewebsites.net0%URL Reputationsafe
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0%URL Reputationsafe
https://autodiscover-s.outlook.com/0%URL Reputationsafe
https://useraudit.o365auditrealtimeingestion.manage.office.com0%URL Reputationsafe
https://outlook.office365.com/connectors0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%URL Reputationsafe
https://cdn.entity.0%URL Reputationsafe
https://api.addins.omex.office.net/appinfo/query0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/tenantassociationkey0%URL Reputationsafe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%URL Reputationsafe
https://powerlift.acompli.net0%URL Reputationsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
https://lookup.onenote.com/lookup/geolocation/v10%URL Reputationsafe
https://cortana.ai0%URL Reputationsafe
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/imports0%URL Reputationsafe
https://cloudfiles.onenote.com/upload.aspx0%URL Reputationsafe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
https://entitlement.diagnosticssdf.office.com0%URL Reputationsafe
https://api.aadrm.com/0%URL Reputationsafe
https://ofcrecsvcapi-int.azurewebsites.net/0%URL Reputationsafe
https://canary.designerapp.0%URL Reputationsafe
https://ic3.teams.office.com0%URL Reputationsafe
https://www.yammer.com0%URL Reputationsafe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%URL Reputationsafe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0%URL Reputationsafe
https://cr.office.com0%URL Reputationsafe
https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
https://portal.office.com/account/?ref=ClientMeControl0%URL Reputationsafe
https://clients.config.office.net/c2r/v1.0/DeltaAdvisory0%URL Reputationsafe
https://edge.skype.com/registrar/prod0%URL Reputationsafe
https://graph.ppe.windows.net0%URL Reputationsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
https://tasks.office.com0%URL Reputationsafe
https://officeci.azurewebsites.net/api/0%URL Reputationsafe
https://sr.outlook.office.net/ws/speech/recognize/assistant/work0%URL Reputationsafe
https://api.scheduler.0%URL Reputationsafe
https://store.office.cn/addinstemplate0%URL Reputationsafe
https://api.aadrm.com0%URL Reputationsafe
https://edge.skype.com/rps0%URL Reputationsafe
https://globaldisco.crm.dynamics.com0%URL Reputationsafe
https://messaging.engagement.office.com/0%URL Reputationsafe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
https://www.odwebp.svc.ms0%URL Reputationsafe
https://api.diagnosticssdf.office.com/v2/feedback0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/groups0%URL Reputationsafe
https://web.microsoftstream.com/video/0%URL Reputationsafe
https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
https://graph.windows.net0%URL Reputationsafe
https://dataservice.o365filtering.com/0%URL Reputationsafe
https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
https://analysis.windows.net/powerbi/api0%URL Reputationsafe
https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
https://substrate.office.com0%URL Reputationsafe
https://outlook.office365.com/autodiscover/autodiscover.json0%URL Reputationsafe
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios0%URL Reputationsafe
https://consent.config.office.com/consentcheckin/v1.0/consents0%URL Reputationsafe
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%URL Reputationsafe
https://safelinks.protection.outlook.com/api/GetPolicy0%URL Reputationsafe
https://ncus.contentsync.0%URL Reputationsafe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%URL Reputationsafe
http://weather.service.msn.com/data.aspx0%URL Reputationsafe
https://apis.live.net/v5.0/0%URL Reputationsafe
https://officepyservice.office.net/service.functionality0%URL Reputationsafe
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks0%URL Reputationsafe
https://templatesmetadata.office.net/0%URL Reputationsafe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%URL Reputationsafe
https://messaging.lifecycle.office.com/0%URL Reputationsafe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%URL Reputationsafe
https://mss.office.com0%URL Reputationsafe
https://pushchannel.1drv.ms0%URL Reputationsafe
https://management.azure.com0%URL Reputationsafe
https://outlook.office365.com0%URL Reputationsafe
https://wus2.contentsync.0%URL Reputationsafe
https://incidents.diagnostics.office.com0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/ios0%URL Reputationsafe
https://make.powerautomate.com0%URL Reputationsafe
https://api.addins.omex.office.net/api/addins/search0%URL Reputationsafe
https://insertmedia.bing.office.net/odc/insertmedia0%URL Reputationsafe
https://outlook.office365.com/api/v1.0/me/Activities0%URL Reputationsafe
https://api.office.net0%URL Reputationsafe
https://incidents.diagnosticssdf.office.com0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
long-experience-225576.framer.app
35.71.142.77
truefalse
    		unknown
    www.framer.com
    		13.32.27.14
    		truefalse
      		unknown
      www.google.com
      		216.58.206.68
      		truefalse
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff2false
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://api.diagnosticssdf.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://login.microsoftonline.com/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://shell.suite.office.com:144376E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://designerapp.azurewebsites.net76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://autodiscover-s.outlook.com/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://useraudit.o365auditrealtimeingestion.manage.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://outlook.office365.com/connectors76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cdn.entity.76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://api.addins.omex.office.net/appinfo/query76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://clients.config.office.net/user/v1.0/tenantassociationkey76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://powerlift.acompli.net76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://rpsticket.partnerservices.getmicrosoftkey.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://lookup.onenote.com/lookup/geolocation/v176E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cortana.ai76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://api.powerbi.com/v1.0/myorg/imports76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cloudfiles.onenote.com/upload.aspx76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://entitlement.diagnosticssdf.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://api.aadrm.com/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://ofcrecsvcapi-int.azurewebsites.net/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://canary.designerapp.76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://ic3.teams.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://www.yammer.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
          • URL Reputation: safe
          		unknown
          https://api.microsoftstream.com/api/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
            		unknown
            https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
            • URL Reputation: safe
            		unknown
            https://cr.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
            • URL Reputation: safe
            		unknown
            https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
              		unknown
              https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff2)chromecache_76.7.drfalse
                		unknown
                https://messagebroker.mobile.m365.svc.cloud.microsoft76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                • URL Reputation: safe
                		unknown
                https://otelrules.svc.static.microsoft76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  		unknown
                  https://portal.office.com/account/?ref=ClientMeControl76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://clients.config.office.net/c2r/v1.0/DeltaAdvisory76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://edge.skype.com/registrar/prod76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://graph.ppe.windows.net76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://res.getmicrosoftkey.com/api/redemptionevents76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://powerlift-frontdesk.acompli.net76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://tasks.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://officeci.azurewebsites.net/api/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://sr.outlook.office.net/ws/speech/recognize/assistant/work76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://api.scheduler.76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://my.microsoftpersonalcontent.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                    		unknown
                    https://store.office.cn/addinstemplate76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://login.framer.com/sign-up/?ref=site-404&redirect=https%3A%2F%2Fframer.com%2Fchromecache_76.7.drfalse
                      		unknown
                      https://api.aadrm.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://edge.skype.com/rps76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://outlook.office.com/autosuggest/api/v1/init?cvid=76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        		unknown
                        https://globaldisco.crm.dynamics.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://messaging.engagement.office.com/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://dev0-api.acompli.net/autodetect76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.odwebp.svc.ms76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://api.diagnosticssdf.office.com/v2/feedback76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://api.powerbi.com/v1.0/myorg/groups76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://web.microsoftstream.com/video/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://api.addins.store.officeppe.com/addinstemplate76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://graph.windows.net76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://dataservice.o365filtering.com/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://officesetup.getmicrosoftkey.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://analysis.windows.net/powerbi/api76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://prod-global-autodetect.acompli.net/autodetect76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://substrate.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://outlook.office365.com/autodiscover/autodiscover.json76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://consent.config.office.com/consentcheckin/v1.0/consents76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://d.docs.live.net76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                          		unknown
                          https://safelinks.protection.outlook.com/api/GetPolicy76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://ncus.contentsync.76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            		unknown
                            https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            http://weather.service.msn.com/data.aspx76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://apis.live.net/v5.0/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://officepyservice.office.net/service.functionality76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://templatesmetadata.office.net/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://messaging.lifecycle.office.com/76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://mss.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://pushchannel.1drv.ms76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://management.azure.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://outlook.office365.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://wus2.contentsync.76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://incidents.diagnostics.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff)chromecache_76.7.drfalse
                              		unknown
                              https://clients.config.office.net/user/v1.0/ios76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://make.powerautomate.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://api.addins.omex.office.net/api/addins/search76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://insertmedia.bing.office.net/odc/insertmedia76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://outlook.office365.com/api/v1.0/me/Activities76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://api.office.net76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://incidents.diagnosticssdf.office.com76E9BA02-BB49-4919-B9F6-B46CD471DF8E.0.drfalse
                              • URL Reputation: safe
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              13.32.27.14
                              		www.framer.comUnited States
                              		7018ATT-INTERNET4USfalse
                              35.71.142.77
                              		long-experience-225576.framer.appUnited States
                              		237MERIT-AS-14USfalse
                              216.58.206.68
                              		www.google.comUnited States
                              		15169GOOGLEUSfalse
                              239.255.255.250
                              		unknownReserved
                              		unknownunknownfalse

                              Private

                              IP
                              192.168.2.5

                              General Information

                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1521411
                              Start date and time:2024-09-28 09:48:02 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 7m 33s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:10
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:Potential Phish.msg
                              Detection:MAL
                              Classification:mal48.winMSG@18/31@6/5
                              EGA Information:Failed
                              HCA Information:
                              • Successful, ratio: 100%
                              • Number of executed functions: 0
                              • Number of non-executed functions: 0
                              Cookbook Comments:
                              • Found application associated with file extension: .msg
                              • Override analysis time to 240000 for current running targets taking high CPU consumption

                              Warnings

                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 104.208.16.92, 199.232.214.172, 142.250.185.131, 142.250.185.238, 64.233.167.84, 34.104.35.123, 142.250.186.35, 142.250.186.78
                              • Excluded domains from analysis (whitelisted): clients1.google.com, ecs.office.com, client.wns.windows.com, accounts.google.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, clientservices.googleapis.com, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, onedscolprdcus23.centralus.cloudapp.azure.com, clients2.google.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, config.officeapps.live.com, update.googleapis.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, clients.l.google.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                              • Report size getting too big, too many NtSetInformationFile calls found.
                              • VT rate limit hit for: Potential Phish.msg

                              Simulations

                              Behavior and APIs

                              No simulations

                              LLM Input / Output

                              InputOutput
                              URL: https://long-experience-225576.framer.app/ Model: jbxai
                              {
"brand":[],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"Sign Up for Free",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                              URL: Email Model: jbxai
                              {
"brand":["Forwarding Proyectos,
 S.A."],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              239.255.255.250https://long-experience-225576.framer.app/Get hashmaliciousUnknownBrowse
                                http://telesexprivatexx.vercel.app/Get hashmaliciousPorn ScamBrowse
                                  http://yusdydsfjuuxx.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                    http://vce.bxsrtdfxr.dns-dynamic.net/Get hashmaliciousUnknownBrowse
                                      http://btservice231.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                        https://tikctk.com/www/Get hashmaliciousUnknownBrowse
                                          http://shaw-102219.weeblysite.com/Get hashmaliciousUnknownBrowse
                                            https://flowcode.com/p/eDpQ5mDpFO?fc=0/Get hashmaliciousHTMLPhisherBrowse
                                              https://31g323452vg34v5g5ufg6tfgfgg45hj4jjh4j5h4jh545hh4jh65.weebly.com/Get hashmaliciousUnknownBrowse
                                                http://bt-103431.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                  13.32.27.14https://effective-teammates-567500.framer.app/Get hashmaliciousHTMLPhisherBrowse
                                                    https://didactic-rotary-locatetime.pages.dev/Get hashmaliciousUnknownBrowse
                                                      c1.pdfGet hashmaliciousHTMLPhisherBrowse
                                                        http://pub-4d560104a89740f899e90e13245f1971.r2.dev/doc_start.htmlGet hashmaliciousGreatness Phishing Kit, HTMLPhisherBrowse
                                                          http://pub-647efec841f2469ea102ef18827f7780.r2.dev/secure_response.htmlGet hashmaliciousGreatness Phishing Kit, HTMLPhisherBrowse
                                                            http://pub-853a8c6d224746258050ceb1dd4dc8c3.r2.dev/response_auth.htmlGet hashmaliciousGreatness Phishing Kit, HTMLPhisherBrowse
                                                              http://pub-382f9bec371e490e8d86f2689f3915b0.r2.dev/response_start.htmlGet hashmaliciousUnknownBrowse
                                                                http://closingdocuments.z13.web.core.windows.net/Get hashmaliciousHTMLPhisherBrowse
                                                                  f240ecb0-e96b-4ea8-82a8-92bc0559e7adGet hashmaliciousHTMLPhisherBrowse
                                                                    https://s.craft.me/ZspaXX16LRR18XGet hashmaliciousUnknownBrowse
                                                                      35.71.142.77http://Moody-version-176083.framer.appGet hashmaliciousUnknownBrowse
                                                                      • moody-version-176083.framer.app/
                                                                      quotation_-_0070086.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                      • www.charliehaywood.com/sn26/?uzrL=T9+h2Oel98jOWrnD/9UFx4gePdxhRyhr+2brRc2eFmvUfzYoXgDq+Pqo6RTwQt26jeq/&Jj6dX=VlX4oZBhnZA
                                                                      doc#230928330.exeGet hashmaliciousFormBookBrowse
                                                                      • www.charliehaywood.com/sn26/?2dwlCt=T9+h2OeghrnOWbjI/9UFx4gePdxhRyhr+2brRc2eFmvUfzYoXgDq+Pqo6RTaPdG6nci/&9r=gfiLuj20
                                                                      Sales Contract 2023.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                      • www.charliehaywood.com/sn26/?hJB0uXP=T9+h2Oel8sjLULiyjtUFx4gePdxhRyhr+2brRc2eFmvUfzYoXgDq+Pqo6STFMZiBnfH7&4hiPZ=fHJttDcxNzhpe2

                                                                      Domains

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      www.framer.comhttps://long-experience-225576.framer.app/Get hashmaliciousUnknownBrowse
                                                                      • 13.32.27.90
                                                                      https://effective-teammates-567500.framer.app/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 13.32.27.14
                                                                      http://Moody-version-176083.framer.appGet hashmaliciousUnknownBrowse
                                                                      • 18.65.39.61
                                                                      https://centered-surface-938474.framer.app/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 13.32.27.66
                                                                      Child Life Essentials 24-090 (RFP).docxGet hashmaliciousUnknownBrowse
                                                                      • 52.84.106.31
                                                                      http://trusting-whoever-066249.framer.appGet hashmaliciousUnknownBrowse
                                                                      • 13.32.27.14
                                                                      long-experience-225576.framer.apphttps://long-experience-225576.framer.app/Get hashmaliciousUnknownBrowse
                                                                      • 52.223.52.2

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      MERIT-AS-14UShttp://yusdydsfjuuxx.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 35.71.131.137
                                                                      http://bt-103431.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 35.71.131.137
                                                                      https://att-service-102729-104589.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 35.71.131.137
                                                                      https://att-109355.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 35.71.131.137
                                                                      https://netzero-102551.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 35.71.131.137
                                                                      https://telstra-101775.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 35.71.131.137
                                                                      https://att-108280-109689.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 35.71.131.137
                                                                      https://att-service-106628.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 35.71.131.137
                                                                      http://webde-107343.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                      • 35.82.159.178
                                                                      http://shaw-104529.square.site/Get hashmaliciousUnknownBrowse
                                                                      • 35.71.131.137
                                                                      ATT-INTERNET4UShttps://long-experience-225576.framer.app/Get hashmaliciousUnknownBrowse
                                                                      • 13.32.27.90
                                                                      http://shaw-102219.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                      • 13.32.27.68
                                                                      http://bt-103431.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 13.32.27.3
                                                                      http://bafybeifqgf7hacp4ugl6xk57ans3phuwnlp3z3gnzdxkrgb5rfaoestwfy.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                                      • 13.32.27.36
                                                                      https://cionzbazee-prozeel0g.godaddysites.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 13.32.27.51
                                                                      http://wbmeastlink65dfhgh6565yuyueastlink.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 13.32.27.65
                                                                      http://gasbot-demos.vercel.app/Get hashmaliciousUnknownBrowse
                                                                      • 13.32.27.26
                                                                      https://klassens55.wixsite.com/my-siteGet hashmaliciousUnknownBrowse
                                                                      • 13.32.27.32
                                                                      http://bridge-a3vigrfjd-pancakeswap.vercel.app/Get hashmaliciousUnknownBrowse
                                                                      • 13.32.27.10
                                                                      http://juno-101214.square.site/Get hashmaliciousUnknownBrowse
                                                                      • 13.32.27.3

                                                                      JA3 Fingerprints

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      28a2c9bd18a11de089ef85a160da29e4https://long-experience-225576.framer.app/Get hashmaliciousUnknownBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      http://telesexprivatexx.vercel.app/Get hashmaliciousPorn ScamBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      http://yusdydsfjuuxx.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      http://vce.bxsrtdfxr.dns-dynamic.net/Get hashmaliciousUnknownBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      Website_Redesign_Project.xlsGet hashmaliciousUnknownBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      http://btservice231.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      https://tikctk.com/www/Get hashmaliciousUnknownBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      http://shaw-102219.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      https://flowcode.com/p/eDpQ5mDpFO?fc=0/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      https://31g323452vg34v5g5ufg6tfgfgg45hj4jjh4j5h4jh545hh4jh65.weebly.com/Get hashmaliciousUnknownBrowse
                                                                      • 20.190.159.64
                                                                      • 20.114.59.183
                                                                      3b5074b1b5d032e5620f69f9f700ff0eupdate.ps1Get hashmaliciousHTMLPhisherBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      http://telesexprivatexx.vercel.app/Get hashmaliciousPorn ScamBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      http://btservice231.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      Balance payment.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      https://31g323452vg34v5g5ufg6tfgfgg45hj4jjh4j5h4jh545hh4jh65.weebly.com/Get hashmaliciousUnknownBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      http://asdfggg.bonkcat.vip/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      https://metamisk-login-1.gitbook.io/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      https://conebaesignin.gitbook.io/Get hashmaliciousHTMLPhisherBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      4xBq1SMyQt.exeGet hashmaliciousXWormBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253
                                                                      https://metamssklogin.gitbook.io/Get hashmaliciousUnknownBrowse
                                                                      • 40.113.110.67
                                                                      • 40.115.3.253

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):231348
                                                                      Entropy (8bit):4.384373588018976
                                                                      Encrypted:false
                                                                      SSDEEP:1536:LXYL5Hgsg95PTQ/8Egs+mNcAz79ysQqt2yitNqoQ3Zrcm0FvLQ4y5JBWODebRVz6:0RgbsbgCmiGu23qoQJrt0FvwBvw+ng5M
                                                                      MD5:0B6626CACDD84EB018FC28E00177BC7E
                                                                      SHA1:C77CEDF7FA2078B1367011E8A1F103CA6E6A0E2E
                                                                      SHA-256:E166E6880F586E01F3D5A350557881E5DF9C1168A05A01A6851639C290E42D78
                                                                      SHA-512:D2BE0CF975946FB6E8B32DA2DD57A45731888E8B7551F7C02823FED24B7DEA5493E7EB365E2D3718B9DFCC3A124D7ECA4562FD5B55BE94D9F1DE801431D64B6C
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:TH02...... .....z.......SM01X...,...0c..z...........IPM.Activity...........h...............h............H..h..o.....O......h........p...H..h\alf ...AppD...hh|..0.....o....h...t...........h........_`.j...h;..t@...I..v...h....H...8..j...0....T...............d.........2h...............k..............!h.............. hj?&6....0.o...#h....8.........$hp.......8....."h..............'h..=...........1h...t<.........0h....4.....j../h....h......jH..h....p.....o...-h .......\.o...+h...t......o................. ..............F7..............FIPM.Activity.st.Form.e..Standard.tanJournal Entry.pdIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.000Microsoft.ofThis form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1869
                                                                      Entropy (8bit):5.094316572700383
                                                                      Encrypted:false
                                                                      SSDEEP:48:cGWydypdSyrvnzy7SymJdy+dydASyNdyrwnzyrMdnzyDkSyrXnzyO:OyEpdbT27bwE+EdAbNEs2Yd2IbT2O
                                                                      MD5:C4FBF2EC594EAE653C35AD785E6401E4
                                                                      SHA1:9139AA136C379DEE91D531EA8F7C4F6840550013
                                                                      SHA-256:CDB0F2FD8A28C617AD15B1190ADEFF20743944118858F80537DBE2C24B9200A0
                                                                      SHA-512:47EF4A1FF59DC28B37620F2F4E9C093845BD60285413304A7B68B71D67BA68194BA77FB074320533AC1566DFFC7B0EA969D60328F5BBA6CE43B299BE41AF59D0
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-09-28T07:49:25Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-04T14:08:57Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-04T14:08:57Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-04T14:08:57Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_26215682</Id><LAT>2023-10-04T14:08:57Z</LAT><key>31169036496.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-04T14:08:57Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876226<

                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\76E9BA02-BB49-4919-B9F6-B46CD471DF8E

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):177088
                                                                      Entropy (8bit):5.286762132725482
                                                                      Encrypted:false
                                                                      SSDEEP:1536:Oi2XfRAqcbH41gwEwLe7HW8bM/o/NM5cAZl1p5ihs7EXXCEAD2OdaLI:7Ce7HW8bM/o/9XPkiI
                                                                      MD5:D0A91B612EA1501C2D2795A14AE9DA30
                                                                      SHA1:C4B91B7B41CF0F3C04268575732EBBB358C26AEA
                                                                      SHA-256:A174AD285DF7F168AC98C1AB635C0A0225C1134B669EA39E949BCE09568DEF6F
                                                                      SHA-512:0F58C4D1191B752574413155D24F275402DA319565070E421ED13E9187561611B9971B36C205544CE67CE7DD51DCE73C64B5246D96DE316F343ABB4BEFD6C0B5
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-09-28T07:49:20">.. Build: 16.0.18112.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):0.04591939678467531
                                                                      Encrypted:false
                                                                      SSDEEP:6:Gt5pcTD3Ilt5pcTD9/X9X01PH4l942wU:yp/Dp6/d0G3L
                                                                      MD5:A499D41E3D56A3702B9DF783F359C17B
                                                                      SHA1:C81BC92FF719A347061F65399D6EEEC28430C6D5
                                                                      SHA-256:41E5B53E08A2D32B32D9F61686925D1D28DD80FFAA2541F5B254FFC895961309
                                                                      SHA-512:632F113362775910B6B5B25B26F23ACC659E0B7849C19513C7FB61016457CC5D75571A61FC28732637FABDA07E6DB1EF21077AF9DE24EF68C21F99AF53BB6DC1
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:..-........................._....`.;...%S&.v.!y..-........................._....`.;...%S&.v.!y........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                      Category:modified
                                                                      Size (bytes):49472
                                                                      Entropy (8bit):0.4849453949405866
                                                                      Encrypted:false
                                                                      SSDEEP:48:13Q101Ull7DYMZzO8VFDYMFdKGBBO8VFDYML:6tll4+jVGwdKyjVGC
                                                                      MD5:7FE8E523ED1F309ADD34AA984872A8E6
                                                                      SHA1:B107AAF8B12C32E4AC99869121DBF30E24DEE10D
                                                                      SHA-256:CF14DF9FB68A183EEBEE878E436656BDC8C5AC9338B1805DC7AE32CB86CF4229
                                                                      SHA-512:06DDCC27B4C19E3EBB4DB855736CF586945A7B444DD08B57CC25A40454A796E33D233C2A4637C16F183037A65CADA1D1F0EB92B2CF975D412AA3E2DD497DD5E0
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:7....-...........`.;.....c$...u.........`.;...%.|...zGSQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RWKTB3AY\image001.png

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:PNG image data, 417 x 265, 8-bit/color RGBA, non-interlaced
                                                                      Category:dropped
                                                                      Size (bytes):15350
                                                                      Entropy (8bit):7.9321541816465
                                                                      Encrypted:false
                                                                      SSDEEP:192:0Aq/fiix/depJTcQnmD9fK1XZWMkutkFk+G0K8OXufZW3Y8lcse6BV6O7FBZWpy7:0AqXfun8Aht0IW0ufZ2ct6iCFbNCNgD
                                                                      MD5:B7E3AFF755DC4A01E7C1FCC7D9FC1D8E
                                                                      SHA1:B8E8542AD9D50653B9E1A23F2502155071B0B7B9
                                                                      SHA-256:792BA136A0C7E7AED48B108BCBF6F6E5EB1F150A8974290E6695B81FB6434994
                                                                      SHA-512:0A4904E50A7D3C7BDEB45B48D1B2911DC2491225DDDC9748A87F6A421CC0CB81E5E25731410D3D3FD443E8439B85A09622F0B90DA571D4B0DB6EB518E5796AEC
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:.PNG........IHDR.............=.A....sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..|U.....Pq*..T.q...zI4.%.....$...........l}....O....UK............Z.r.Pq.&|.B+TLD....:....g.....}..8.V.}?.M.^{...~~..&.9!..B..._..~.Z.@.!...g....BH.C.".....!B.!.A.".....!B.!..O..!.D.#!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!.A.".....!B.!..sBp...z....Q...q.........y.E.;4..M..F...._Vbh.w&......{M=]8..9..z...?&.}0..;...7`........^\....a.I..;..\z.n.)..&...b...?g.x......v`..B...Hh.[....}....n.$.V]%F7...H9.M...`w....a.hv..s..<.5.Z>..|.R...G.1+...>..^9.I....*..1.. .t....l@.~..h.....~.C...G...N.(h{k...9..68r..a....V..Go..]{p.^.1....m..5..../!..H2C...#....#..3w.s../g...tt B.Q._..W..I..............8.....:...&<..q<u.dDss.....`.....w......F.sm.Va.^w@..=.s0~....BHFt.&.y<2.l<..U...(..-,...C.........D./..?...X{..v}..kg`....5=.....Cga.....*~/........b{N...1.

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RWKTB3AY\image001.png:Zone.Identifier

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):26
                                                                      Entropy (8bit):3.95006375643621
                                                                      Encrypted:false
                                                                      SSDEEP:3:gAWY3n:qY3n
                                                                      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                      Malicious:false
                                                                      Reputation:high, very likely benign file
                                                                      Preview:[ZoneTransfer]..ZoneId=3..

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RWKTB3AY\image002.png

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:PNG image data, 253 x 84, 8-bit/color RGBA, non-interlaced
                                                                      Category:dropped
                                                                      Size (bytes):13918
                                                                      Entropy (8bit):7.9798958082645175
                                                                      Encrypted:false
                                                                      SSDEEP:192:h/vNgppw3Na3DmyP/FwrrRIqJNkAndRmcWNoeNpyx4ClWstcQcLlhIDjp/ISA9yb:Vv2EJuArxWuek4KTcLlyQSuoCUeqxWO
                                                                      MD5:AE344ED38632CED59E61BD80C7CFB3D2
                                                                      SHA1:B87B3A32C3465D8B08A1C1BE31E9D5B2CDDE6BEC
                                                                      SHA-256:55BE4B1C8BE74F3CC927CF39BD80ADD0B959C3D56BF53B62CEB1EB0C15F336E1
                                                                      SHA-512:E79BCBA02CDB56EE11F53E668288C1E382B39A4BAB74DB4F2B7258889DEA38BF8C4925658550C81CB8D8751D5387C080E616AEBBC317D8F034FC2C1EE7A5A8AB
                                                                      Malicious:false
                                                                      Preview:.PNG........IHDR.......T.....I&1.....sRGB.........pHYs...%...%.IR$.....tEXtSoftware.Microsoft Office..5q..5.IDATx^.Wp.g......D A..s.Y..H..N.f........|.}.r...r9].l_..[.S3....Q.".3..H..>...h4.@...$......./....E.j.m..........r.{..L..~}...f|e....dg`..p..[<'...Gl....."+.-ZUf9....D.,.B...b...X.l.f....q................o...g`.Y....!..3...Q.z......a9.]"..:.,..^3....D.,.B...f...9yQ.,5......|&.<..%.....y.f . ......j+m...n.6..........Y.b..U.vb...`]......nUw.....;..1+{3.j.-{.^V./....2..>...J{..a..o.c.....|....,.?...|!.@.c....I....w.v..,./.E.);.......+W....u......>9YI.. .gy..v.....b.[.g...l..J/..?G.,'.k...v..).t.Y..^z.%+//......S_.l......G.:m.oN......m.....".S..B.A...6r...<.."..E..R...e..<.....>.C...3...N<k3.!.v..........k.q.}......o..s....~|........6ZV`9.+l.?}.v.:dy.?0..}.3.fb..=y.6..........V..x.r.X$*.....?w.b"z.)$(..7d...X..../*..1.*._./w..o.M|\=..0....8>..9........}v.gg`....-.......,.-....'.d...CX."N..(....{.....y~y..u...Q.O.Ew...j..2

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RWKTB3AY\image002.png:Zone.Identifier

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):26
                                                                      Entropy (8bit):3.95006375643621
                                                                      Encrypted:false
                                                                      SSDEEP:3:gAWY3n:qY3n
                                                                      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                      Malicious:false
                                                                      Preview:[ZoneTransfer]..ZoneId=3..

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{86E996DA-7AF1-4AB4-8BFD-6811931B9214}.tmp

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):6368
                                                                      Entropy (8bit):3.1438041513508663
                                                                      Encrypted:false
                                                                      SSDEEP:96:BeqJYWIiEF7j5vRd1gdXHlhggggmkMeWhtoCDFScWERr+5bjrzNCcgggA:BvYW2v5YJMxhNPd+
                                                                      MD5:EFB8AD4F6137EA1478626B3E3164AD21
                                                                      SHA1:9CFEAC3A572700C7620C4B3E678E2B17947AE5FB
                                                                      SHA-256:6D4059508FB84DB36D847403F2E7D16E947F44BA5AD4A8E11C743F1424AAB4C1
                                                                      SHA-512:B669D15DC238EE3562F54A19AC3BD4AAC7E425067971CEC111FF38B068F2ACA133876D01002C19B72F7F7B8A51545C8DD3CD29BB8E631D0E12DE2910F3DBF843
                                                                      Malicious:false
                                                                      Preview:......C.O.R.R.E.O. .E.X.T.E.R.N.O...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................H...J...L...N...........H...r...................4...B...D...F...H...h.............................................................................................................................................................................................................................................................................................$..$.If....:V.......t.....6......4........4........a....*...$..$.If........!v..h.#v....:V.......t.....6......5.......4

                                                                      C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727509758159398500_03C124F6-10AB-4CB8-83F1-D641769E957A.log

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:ASCII text, with very long lines (28767), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):20971520
                                                                      Entropy (8bit):0.17750890719043574
                                                                      Encrypted:false
                                                                      SSDEEP:1536:ydNH9L5HTQKra+QNRyOl2IIyUSBFHJnbn/IzFjgcSb3dTaR+B/RWMGF0fh:4L9rraxPz+2Z5tfh
                                                                      MD5:655C5003B84C0EB9A341BF4309183F6C
                                                                      SHA1:87B73A574C059F55DA6D67DF7875EE2D2FF2222D
                                                                      SHA-256:870CCC5F8B108ABCBBC777C966D98E0158619448314B1A5A82B21CD5DEC02C30
                                                                      SHA-512:01292FE02FE1334ECEED49DB17AB4456EEDE0A8754D504F67607F6BE146BD8C381EC3803F7E3E46AACF2AC2C7BC47393C276F52BF85A232073983E84B9B9EC8F
                                                                      Malicious:false
                                                                      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..09/28/2024 07:49:18.224.OUTLOOK (0x1CF4).0x1CF8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-09-28T07:49:18.224Z","Contract":"Office.System.Activity","Activity.CV":"9iTBA6sQuEyD8dZBdp6Veg.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...09/28/2024 07:49:18.240.OUTLOOK (0x1CF4).0x1CF8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-09-28T07:49:18.240Z","Contract":"Office.System.Activity","Activity.CV":"9iTBA6sQuEyD8dZBdp6Veg.4.10","Activity.Duration":13531,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

                                                                      C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727509758160076200_03C124F6-10AB-4CB8-83F1-D641769E957A.log

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):20971520
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3::
                                                                      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                      Malicious:false
                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240928T0349170146-7412.etl

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):98304
                                                                      Entropy (8bit):4.47302448767868
                                                                      Encrypted:false
                                                                      SSDEEP:768:YL2BFABnOfQ1Ha4LLPR9eHq7vGTWZWOX7u+cNJWCmsqmVD:rD4LrR9eHqS4X78Dr
                                                                      MD5:114620E693F0CB23F6DE2D38023718FC
                                                                      SHA1:FC32A6190975843B5143EC85D777B8BD23644BA9
                                                                      SHA-256:67E3B5534E201FF0FC6C3687A6363AC24CA2E1395094FCA4C9EE9FA1F2D5B0B8
                                                                      SHA-512:14F5415C33F9E5CD72545E792E1156AF3A4F6A2225325D6259715E2DEAE9C89B899BA5643E86EBA736288F65A8172709C04E17DB98D9BE3E937C3B84E22210A3
                                                                      Malicious:false
                                                                      Preview:............................................................................d.............s.z...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@P.;..............s.z...........v.2._.O.U.T.L.O.O.K.:.1.c.f.4.:.2.5.7.9.1.7.c.e.0.3.7.4.4.3.6.8.9.e.4.8.a.d.4.1.a.f.e.1.d.2.3.c...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.9.2.8.T.0.3.4.9.1.7.0.1.4.6.-.7.4.1.2...e.t.l...........P.P.............z...................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Temp\~DFEF0E8E1EAF69CA92.TMP

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):163840
                                                                      Entropy (8bit):0.4794702449760909
                                                                      Encrypted:false
                                                                      SSDEEP:384:OCIcFPgyriOrIULWQVMlqiuf5j55iXHOoIMu:OMPl26LWQVMYiuf5j55iXHOPMu
                                                                      MD5:9AAC91E41B6BB1F5401BD1A9DE367BD6
                                                                      SHA1:587D9FD8B55C83E0D854BA73D9B9042DF471FCB6
                                                                      SHA-256:09AD5FEE32A37FD49DEAAE6E6FC0A12B8E73BF3876DD7818B2FA5FA3389E7808
                                                                      SHA-512:A3DA4B9C34D803EBE777489E7BBEAB93008F27DC1109FD429DCC9D668E01BEC1284E189AE78898B11A4D1DA844B4E7F8A4AABCD9CEE17AF38370DAFB119A8645
                                                                      Malicious:false
                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):30
                                                                      Entropy (8bit):1.2389205950315936
                                                                      Encrypted:false
                                                                      SSDEEP:3:dlIv:
                                                                      MD5:7317C3B57A2F41D285F233CEDA384CF1
                                                                      SHA1:45A075D29B480DACCAE9D7D26C1F6C40C3BB729A
                                                                      SHA-256:397264EBDB67E482362FBCC4F980DBE0C80D92EB3B3F4786CFC5D98E0271CD42
                                                                      SHA-512:A712DC1C24706853AD5D9CA40C010CABD3714AFB577546C2095CB96B123080E511B2F5A85242B68B6E097EDEC1769F26D77CB5901754E17864D15FC26C031229
                                                                      Malicious:false
                                                                      Preview:..............................

                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 06:50:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                      Category:dropped
                                                                      Size (bytes):2677
                                                                      Entropy (8bit):3.9796980101111603
                                                                      Encrypted:false
                                                                      SSDEEP:48:89d3TvXQHIidAKZdA19ehwiZUklqehBy+3:8HbHuy
                                                                      MD5:F6A28E34EE6459C0BEE052F36BB79AF4
                                                                      SHA1:FD93F71166E1E5816DDC1C311194DC32F2144181
                                                                      SHA-256:C53A1FCF1350B1D29182D3675E063266704748BF678686A9F77734A33558A264
                                                                      SHA-512:F2406E722806A5C019271ACD39E833461762795222980FBFA5B918D2E2A120B3428DA051E57B5FD3A96F4154D3828974B53C7B6085A5AC48057BE3894D94C165
                                                                      Malicious:false
                                                                      Preview:L..................F.@.. ...$+.,....&?..{...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y.>....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<YE>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<YE>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<YE>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<YF>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c..~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 06:50:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                      Category:dropped
                                                                      Size (bytes):2679
                                                                      Entropy (8bit):3.9954214663445557
                                                                      Encrypted:false
                                                                      SSDEEP:48:8Ld3TvXQHIidAKZdA1weh/iZUkAQkqehey+2:8Zbt9QHy
                                                                      MD5:F5CDF035FBD8AD297A4D5E091C971539
                                                                      SHA1:87B1AC1E9676081820FDB8609EA2BC9E0916A1FE
                                                                      SHA-256:01801390E5F0B4CC0B5C412B08D3A6014A7C72F7B2BBCF9FCA5B5ABAC25B98B8
                                                                      SHA-512:76CD55118AA8E3F3BFCCDF743DB3CE79459B5097AA27514453A142C4246F0A3D60E475DA4C7967814955EBC4F53FA32BA4DD11197BF85B3AFC53C0F6A44DBF70
                                                                      Malicious:false
                                                                      Preview:L..................F.@.. ...$+.,........{...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y.>....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<YE>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<YE>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<YE>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<YF>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c..~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                      Category:dropped
                                                                      Size (bytes):2693
                                                                      Entropy (8bit):4.00715772351985
                                                                      Encrypted:false
                                                                      SSDEEP:48:8xyd3TvXsHIidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8xabhnCy
                                                                      MD5:C4890DF916A96A5472D2D2FCD5EF43B7
                                                                      SHA1:8A9C326DFF561EE84424936B119029592625BCDC
                                                                      SHA-256:BA072E30120870D5DC8200957A4FF8DB78EF6F9DCD046EBDB62D49675D679F01
                                                                      SHA-512:888700BEDBECBDA51AAD2CA7E222701E5C5D7C6BA7EE85BFB8B9E64893916EDA5D26A4ECD0C12813C1DC08C1E0A6D6B06823C0915CD61D211AE7BB9019603D26
                                                                      Malicious:false
                                                                      Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y.>....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<YE>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<YE>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<YE>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c..~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 06:50:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                      Category:dropped
                                                                      Size (bytes):2681
                                                                      Entropy (8bit):3.9946775907089163
                                                                      Encrypted:false
                                                                      SSDEEP:48:8sd3TvXQHIidAKZdA1vehDiZUkwqeh6y+R:8IbOcy
                                                                      MD5:5D459DCFEDD050088F3C9FF53EEB7A10
                                                                      SHA1:C226F10A9104736CDE1206D610A662E34A1190CA
                                                                      SHA-256:355C445E548311728144B287159604CA02214C94D00506524789A08DD5E5B6A8
                                                                      SHA-512:27B98ED0359531EC144C98A8D4D06D1896A389CF49F872C736F0BB7FF527F8FCB5FB6E6E2B4E016030021759682DF407B4682F804C0F451B2D280582C26E428F
                                                                      Malicious:false
                                                                      Preview:L..................F.@.. ...$+.,....+]..{...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y.>....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<YE>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<YE>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<YE>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<YF>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c..~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 06:50:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                      Category:dropped
                                                                      Size (bytes):2681
                                                                      Entropy (8bit):3.9826596826337175
                                                                      Encrypted:false
                                                                      SSDEEP:48:8Jd3TvXQHIidAKZdA1hehBiZUk1W1qehYy+C:87b+94y
                                                                      MD5:840EC95B366CC26DDF066EDFCCA626D7
                                                                      SHA1:BD71B0FFC1189042E5F5024EA29076ECDFB58B3B
                                                                      SHA-256:550B798B858C564BA4A03F86EA208DB32F27789EA53B42CBABFE4C22CB2500A5
                                                                      SHA-512:FE700736ED22255E7FCF33A21A9B72EEE4FE8F589E1C09B04A75D78B8600FADF0C87E514D0517DBDB0398F2E97E37F552559C8ACB225F868232F883DBF2228F5
                                                                      Malicious:false
                                                                      Preview:L..................F.@.. ...$+.,........{...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y.>....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<YE>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<YE>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<YE>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<YF>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c..~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 06:50:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                      Category:dropped
                                                                      Size (bytes):2683
                                                                      Entropy (8bit):3.9914303445232635
                                                                      Encrypted:false
                                                                      SSDEEP:48:8dd3TvXQHIidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbCy+yT+:8nbgT/TbxWOvTbCy7T
                                                                      MD5:C03FCF07FA0636274F6AEF9428D4AE92
                                                                      SHA1:4779CE87FDD2EFD0B579F912732F337DFB98D97A
                                                                      SHA-256:1ADE4350F8F946B39C968025EB94F7252D4CE9D45F86F83FF48E5E806D280A0A
                                                                      SHA-512:DAB804321D7C3C44C7C52F94A2C817E284252A02576A66303A8AF8D1DC9B1CA14DEC7BCB767E6A060E3EBD779F228FD36646159C85341CDDF840EAA07438DF6F
                                                                      Malicious:false
                                                                      Preview:L..................F.@.. ...$+.,.....=..{...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y.>....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<YE>....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<YE>....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<YE>..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<YF>...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c..~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                      C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:Microsoft Outlook email folder (>=2003)
                                                                      Category:dropped
                                                                      Size (bytes):271360
                                                                      Entropy (8bit):1.2817864528004568
                                                                      Encrypted:false
                                                                      SSDEEP:768:D+Qc0otYlemUROJ84bMCimX3yBbSeo22AGkZZBfe8BUTIZ:XymUCXNxMdfeeNZ
                                                                      MD5:467F49A406B93AA9E2479DD06C2E7A4E
                                                                      SHA1:09B5DAD2B79B54B8FF7C7FD4F24B02E337C51703
                                                                      SHA-256:01A192D881175229A91D81FAAF2701AEC84E828EF86B74532C911539954D486C
                                                                      SHA-512:16E8B41CE95B48EAFAD08DAA8E2F430B5ABE965F974B794C1B072F6372F794304CAD926BB341BAFD395868A180BC931E6FA19AB7C1C3C36B646DCED9313D9B38
                                                                      Malicious:false
                                                                      Preview:!BDN..hrSM......\...Dw..........J.......V................@...........@...@...................................@...........................................................................$.......D.......V..............F...............I.....................................................................................................................................................................................................................................................................................................Y.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                                      Download File
                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):131072
                                                                      Entropy (8bit):1.2298287976804736
                                                                      Encrypted:false
                                                                      SSDEEP:384:PwqHrYjTIXJRkMYxftPT3EmCRxGN2Fu1ZG0yO4rGWSQg4731RDzUsPw6:JrUTIZivQGYMSBfWPUIsf
                                                                      MD5:EFFD118D5AF7618317B334B218CF42AA
                                                                      SHA1:3ECDF3FA631E45B7568EAC9817569080F40F932D
                                                                      SHA-256:04D6B5221BF84BC73987674231FF87784952B5E0EFD31AEA163F1F89C46E61EA
                                                                      SHA-512:38F712E46150CFA64E7E42D3ABA481B726EA2935F5445343B96368F3E58DEDBDF952A61745BCC47FD02917EC96C2E80C4838D88E50D0DAAF03DC9A5382CBB408
                                                                      Malicious:false
                                                                      Preview:.'V.C...`...............z.....................#.!BDN..hrSM......\...Dw..........J.......V................@...........@...@...................................@...........................................................................$.......D.......V..............F...............I.....................................................................................................................................................................................................................................................................................................Y...................................l..t..l.......................................................8.hmv'.Sh.......AAA.6AAAAAAAAAAA.LOA.AcAAAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL.AAAAAAAAAAA.LcA.A~ALA.AwALA.AxA.A.A.A.A,ALA.AJA.AJALAwApA.A.A.A.AJA.A.A.ALA.A.A.A.A.A.A.A.ALA.A.AJA.A.A.ALAUA.A.A.A.A.ALA8A.A.A.A.A.A.A|AKA.A.A.A.A.AQA.A.A.A.A.A.A.A.A|AKA.A.A.AYApA:A.A.A.A.A.AxA.A.A.A.A,A.A.A.AYApA:A.A.A.AQA.A:A.AJA.A.ALA.A.AJA.A.A.A.

                                                                      Chrome Cache Entry: 76

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:HTML document, ASCII text
                                                                      Category:downloaded
                                                                      Size (bytes):4268
                                                                      Entropy (8bit):4.848263982009917
                                                                      Encrypted:false
                                                                      SSDEEP:48:i6PVbumClCdzVQgq3ymmnO9P2aXSzJF7h2Mm6DPXi2YNiZGgPu:isBQgEyzOQaXi8mzWku
                                                                      MD5:05F4C23596C44046784809ACCCAE4F5E
                                                                      SHA1:51F781603453A8851BF2DF062CBA5D7AC47BE1E8
                                                                      SHA-256:9F95E55F359969CB6825F5B23AF9B6D7D3B2BCCBAC6C5C11A07D1D4356B664AB
                                                                      SHA-512:FFFC5AAAA3BA3C63FBD88B19E83305101ABBE53AC63342358D84AC3A6381EDAB3E2F173A695C911307F3912CAB7805D7464B54C7884ADDE9DE387173F08DC619
                                                                      Malicious:false
                                                                      URL:https://long-experience-225576.framer.app/
                                                                      Preview:<!DOCTYPE html>.<html lang="en">.<meta charset="utf-8">.<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, viewport-fit=cover">.<title>Page Not Found | Framer</title>.<link rel="preload" href="https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff2" as="font". type="font/woff2" crossorigin="anonymous"/>.<link rel="preload" href="https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Medium-subset.woff2" as="font". type="font/woff2" crossorigin="anonymous"/>.<link rel="preload" href="https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff2" as="font". type="font/woff2" crossorigin="anonymous"/>.<style>. :root {. --color-primary: #ffffff;. --color-secondary: #333333;. --color-tertiary: #777777;. --color-tint: #0099ff;. --font-size-body: 15px;. --font-size-title: 24px;. }.. @media (prefers-color-scheme: dark) {. :root {. --color-primary: #

                                                                      Chrome Cache Entry: 77

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:Web Open Font Format (Version 2), TrueType, length 20024, version 1.0
                                                                      Category:downloaded
                                                                      Size (bytes):20024
                                                                      Entropy (8bit):7.988327609838537
                                                                      Encrypted:false
                                                                      SSDEEP:384:BaxPYZobR3lP4Whz4ODb2q39p7lJH6tqKCdcEmNWERAcvdRz:kxPYC/P5j6M9lJH6zReU/
                                                                      MD5:C6C9CC5CF5101629A4138BB1B7EDC046
                                                                      SHA1:94D6CB5B48A786240314BEA4D197F87BC33E3A5E
                                                                      SHA-256:62BD14B670C4D27D750A20D31B924EF5866E45B1635E769730A57792DD3B52BD
                                                                      SHA-512:1CA7FEF6C40877F02C7BA2BBF079DD5EBCF252DAC6EE54926FAE5DEC3F7D91003560E9F685E0AB4A8BCBCE4384281E37191080D0AFF9B3653821A42362589D05
                                                                      Malicious:false
                                                                      URL:https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff2
                                                                      Preview:wOF2......N8.......h..M..........................j..z..x.`..D.....,..@..D..6.$..z. ..[..+.A....vP.U......K....t...S.....8.H....B.C6^..z....j.Y.H....6k....+x.r.......v>.TrQl..hA...u..n..s:....q.O...d...~".[..Efb..D .S.....V.-.^...~..N....J.~C. (.-.A%..A..%%%IP.(.0.<..4. .i.....9.*&.........^....[.......i8+..L(!.A3...s.?..n...1....02F:..P.TF.A.A..#R..F.D....#F...=..{..?...B..P.R....T..C...........'.....-..*C).HU|..,.....X...eGsz.N..fh..X...>X...5a+...9..p..M...O.f.......>..E.@Nt.......R....O.......p..B.W...!r.;..={.....^....u......o..n{#.E..)sJ..1u ."L......T.c.3f...4V..t......o.^.6.. X,....).....{.0..a.|4.M..#...6..9.t../..r9~...Y../...~.wA..\..$.....+ey,.,....P..H....e.Ui.P....c ...nCv.{{B.u..!.1*.K^.bVH.M.zMy..0.BH...o.7..;}F.P...r..A......N.K...Pp...g...E...Ifs....j5.pk..Wg..o!..wp.;........>..y._....A.e9...0.'b<.p``.....B...l.RH]J..........._..,.....Mr..4.#......#.m.e`....zm.....Y."....e.....e2..\...]...u.x.A`q`t...~mIi@.....{.....Y.T.Sq..em...k.../".

                                                                      Chrome Cache Entry: 78

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:Web Open Font Format (Version 2), TrueType, length 20248, version 1.0
                                                                      Category:downloaded
                                                                      Size (bytes):20248
                                                                      Entropy (8bit):7.991218749835485
                                                                      Encrypted:true
                                                                      SSDEEP:384:gjUI0juy6MndjVyL7A9NQs6KUCSdiylYdutAKTJ1RHLDCUTOG/0bllgfjIS:gjUI0juyLn9ewQsQ4mTJXLDC1G/Klijh
                                                                      MD5:7C250B154223D810EA33E61A54EA44E9
                                                                      SHA1:D5C93C110B8ECA3DFF9A07B3B3FC02E706DF1F0A
                                                                      SHA-256:4E6C62AEA082FA5D57929A9674552137402496DA78265BA67A27833C51050589
                                                                      SHA-512:6D786180AA52B9CD453B6896DB0E0B37F49C0E8F5BCF2E354C7F13F4701E535F2552D342D6F9FBA6381A760D4703A2514C907C21469AED722B19FA5A29969352
                                                                      Malicious:false
                                                                      URL:https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff2
                                                                      Preview:wOF2......O........\..N..........................j..r..x.`..D...........D..6.$..z. ..|..+.....t...t'HmY..:.n....R....Y.c..m.7g....t....U5. .&"LZ.3.....F..2g.02.....ik.,.t.4.{....y......"..;sw.Z...B...97...en.*..._..+j..b..Q...3!x..1.mESud.Z.+3..*..9.l...H{.J.....t..q.....8...R.g..DU4..U@96.F..~..^...[.P@?P.a.q.Z.D8..V.`.A7+.{.a.Q.....b....R....&....D..m...+\e.g.....=.'{....1i0..lNp..T........J.+.`7T.U0.f...b7o...<.b).,.,x.....q....3..R|.D.......B..(..)P:..s.{....4W..<.-X..:-^d.._...]f*|3....Z..U.F.....cc.`.b.9b0b.0J.I.....(..P_..y..}|._,...j...L..KE.. @E.E:.Q.,u.....D........R.9S4...bY...w....FI>....!W.a.._?..n4.AD.`$)<(..rk.<ma..F|6m.&......@R..W.}._..u....h...T.nfb....W..Z".18.1.../...`.w.............,e]{`........f.Q.a.k.M+.I.^:B9..9...9..fW.Vk....:0.IG+.a-?..{..Q.J~@0..|(..}...0E..%..w....o.....?M.a+.....{R42...S.p..{wF3O.."......YK.7.........@^..J.>}Nz..O.*..M..JQ.Q..K...C..c."...V]t...../CODB..$..0..{.............-...yN...A....gO...\.....(..

                                                                      Chrome Cache Entry: 79

                                                                      Download File
                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      File Type:Web Open Font Format (Version 2), TrueType, length 19032, version 1.0
                                                                      Category:downloaded
                                                                      Size (bytes):19032
                                                                      Entropy (8bit):7.988053206945128
                                                                      Encrypted:false
                                                                      SSDEEP:384:VAH9U0SrJQkCqmgZXZTScILorqjmNamgKBvc0yoNXfg:VW97zkKOXZTpDrqIamdhg
                                                                      MD5:27EFE7989FC51B3DCAE329681D061245
                                                                      SHA1:F8513D5B15571F058DB9776600B26741C96F207E
                                                                      SHA-256:8DF31A855A1E926287C7AA0A46D942A08A33070EDE77D511738E220119BB12B2
                                                                      SHA-512:4BA42FD0F21EB9166F1EBBE2C5181E7053B8A00E66769CDDFA0081979EF5A15A5A9B5CAB061F2CF55F34242FB8E8820A757C9F3106489DB938D0D705CFAF04CA
                                                                      Malicious:false
                                                                      URL:https://www.framer.com/fonts/GT-Walsheim/GT-Walsheim-Medium-subset.woff2
                                                                      Preview:wOF2......JX..........I..........................j.....x.`..D.....H..@..D..6.$..z. .....+......V...b..R.....[...E...`.`..~/....$.GX._.<3....I...7in.......Dc..7...=.. ...A.M{.....X0....;QT..[....8....Q...,xk..N.".|...HV...-.`......k..*.A.:.]4u.D...s.....g`..>........$....{.A..s%z%....g6uNN.......1}...m.Nl....8..D_..r.vsQ.k.~.:W..S........{.K......MY.....v...f.D.{:.......JI.*?......3b.H.[..Z.v$.Ga.V .WQe..(.V.w.9.B^...W.1...G...E.a?.....6.:.y...n.f.x|y.F(.h1.$..Y"...P.....P...\.......o.~o..:...M..Z..k.$M3Jx.]........i....I-K.........r2...d.a..0.a..A....9......Y._.[.u.A@I#.........}..v.M..........X..#[.w.,..Z...]4.@...i.....)..n'.a#.:..6...9.A...Spr$.*...?.3.v.A.......D4wZ:v..................5..N.gA.....U....R...&..5?....E.I.IV..@.xr9q,....X(...Y^.ZKA...m..{T.....E.V+....D}./G..by...E(j'...ao?Q&cY7.:K.^I|>.z7zzSN.>{...W....d........bb...#. yF.....I6..x.{W%..M.(!._..H..0....;....<.p.-A.Z.[f%..*.jk.u..............i..x..T..;rl.&..$.....

                                                                      Static File Info

                                                                      General

                                                                      File type:CDFV2 Microsoft Outlook Message
                                                                      Entropy (8bit):5.63855050705642
                                                                      TrID:
                                                                      • Outlook Message (71009/1) 58.92%
                                                                      • Outlook Form Template (41509/1) 34.44%
                                                                      • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                                                      File name:Potential Phish.msg
                                                                      File size:122'368 bytes
                                                                      MD5:5f7e13b7ad5082a2ebbbe3c77421d928
                                                                      SHA1:59bd9d2ecf11603790cf90e293552eae076ca457
                                                                      SHA256:a2dbcbd7a2131c6c768172875f564a6aa8ec29852b4b2d7a326a99fcb74ddd76
                                                                      SHA512:455716ad45a3f300c482ddee0e72e6216eeab887ee0dbf42175f8dc20e2d65529708776a4f242bc63169f4ff59a9e14d3d9b072bcdaa6b76aa066318a64ed074
                                                                      SSDEEP:1536:liViPaMaakOh0cynCg0tCWZWWC+qEfpMtMy7AGBXBOJuCUDecSRWTb:liViPbkOh0cdcEfoMgAMhKcSRW3
                                                                      TLSH:40C384203AFA521AF2B7EF3249F55497993ABC62AD11C94F2191334E0572A40ED71F3B
                                                                      File Content Preview:........................>......................................................................................................................................................................................................................................

                                                                      Static Mail

                                                                      General

                                                                      Subject:Forwarding Proyectos S.A.
                                                                      From:Miguel Ruiz <miguel.ruiz@forwardingproyectos.com>
                                                                      To:Miguel Ruiz <miguel.ruiz@forwardingproyectos.com>
                                                                      Cc:
                                                                      BCC:
                                                                      Date:Fri, 27 Sep 2024 12:34:50 +0200
                                                                      Communications:
                                                                      • CORREO EXTERNO: Este correo proviene de un remitente externo a la organizacin. Si no reconoce al remitente, revise detenidamente antes de abrir los enlaces o archivos adjuntos. CORREO EXTERNO: Este correo proviene de un remitente externo a la organizacin. Si no reconoce al remitente, revise detenidamente antes de abrir los enlaces o archivos adjuntos. <https://long-experience-225576.framer.app/> Gracias / Thank you Un saludo / Best regards Federico Ruano Project Coordinator M +34 663 993 345 P +34 919 562 683 federico.ruano@forwardingproyectos.com Forwarding Proyectos, S.A. Alsasua 14 28023 Madrid (Spain) forwarding@forwardingproyectos.com Privilegiada y Confidencial. Esta informacin es confidencial y privilegiada. Por favor, notifquemelo inmediatamente si usted no es el destinatario deseado; no se debera copiar este correo electrnico para ningn propsito, ni revelar su contenido a terceros. Sociedad Unipersonal. Privileged and Confidential. This e-mail is confidential and may also be privileged. If you are not the intended recipient, please notify me immediately; you should not copy or use it for any purpose, not disclose its contents to any other person. Single Member Company
                                                                      Attachments:
                                                                      • image001.png
                                                                      • image002.png

                                                                      Headers

                                                                      Key Value
                                                                      Content-Typemultipart/mixed; boundary="===============4546381072124091530=="
                                                                      DateFri, 27 Sep 2024 10:34:50 +0000
                                                                      FromMiguel Ruiz <miguel.ruiz@forwardingproyectos.com>
                                                                      SubjectForwarding Proyectos S.A.
                                                                      ToMiguel Ruiz <miguel.ruiz@forwardingproyectos.com>
                                                                      Message-Id<73358a4abedc4f99ab0f22a6762e9dbe@DU0PR05MB10244.eurprd05.prod.outlook.com>
                                                                      Receivedfrom DU0PR05MB10244.eurprd05.prod.outlook.com ([::1]) by DU0PR05MB10244.eurprd05.prod.outlook.com ([fe80::6b4d:59be:4bb4:6cbe%7]) with Microsoft SMTP Server id 15.20.7982.022; Fri, 27 Sep 2024 10:36:29 +0000
                                                                      Authentication-Resultsdkim=none (message not signed) header.d=none;dmarc=none action=none header.from=forwardingproyectos.com;
                                                                      Thread-TopicForwarding Proyectos S.A.
                                                                      Thread-IndexAdsQx2Ep11ljUO7/SKuygVaIOykU7g==
                                                                      Accept-Languagees-ES, en-US
                                                                      Content-Languageen-US
                                                                      X-MS-Exchange-Organization-AuthAsAnonymous
                                                                      X-MS-Exchange-Organization-AuthSourceAMS0EPF00000195.eurprd05.prod.outlook.com
                                                                      X-MS-Has-Attachyes
                                                                      X-MS-Exchange-Organization-SCL1
                                                                      X-MS-Exchange-Inbox-Rules-Loopcarcarrier.sdr@bergelogistics.com
                                                                      X-MS-TNEF-Correlator43040992-a584-4722-873f-251521571a42
                                                                      arc-seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=MNVCbVzBQRuUdpWkyXWhBVa+WOIjmW54KejsK68oq6cDenibLLm0q1RUyjVqMF78hHc17Yy2In9uKa4a8Caw1IaFTRfKDWnkzVuDCC0GU/AHs1sUkWIw/xXqIiVvMiq9ChE1BbUK69OyKzqnHocucGEcHOXYaAI/3Ei18OzSp/clUu/RAivXYrBJKAaY27/ebEf5qtB7J/JlCVoY9ciE/GoU6Nmt9pSrX10+6l+WgOychVgB9MpQeXz0BAgR3Q9DzQljeto8Tcn6mGjK169UfGKKUC4KWf12PTd23T4iDtYnyDG2KZCoExGHZqo8MTB+17ZjDCyWr2s41jgYSIpIyw==
                                                                      arc-message-signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=m1k2sThrLr7HSePTovtOiycBIEY1jJ/CZ4qpww4K3LE=; b=LEbPpZ9m3HWLivW6PK5/X6QF7NCOwMpTsBfSFlirj0rx6t/ij6hLbosTJqMmQyeWbsD7UKg7DrMte9DOf4XZuVuUJtlufV52H3ytIBYigRx2bXGEp9m9clMR9Je9INsC4vYVy3RS3Z7VktZBvpICZJVcZMmwRdInCurENDfmsWwflLIojNM3FyPjy7Bo5x37/5+GF5vOva1B+Hwp5oLLp8mIkJbZdrvgTz31SCIlKR29tbUvlRwFX8u+WtJUfMCzxQOwr6RuWKRi7kyPb2EVKtyTMp5bpjOAe0XOvkYuRio1lCUA/dRiPeNn/axwUIF8kSDvRuh/Nbz1FH1NFF0fDQ==
                                                                      arc-authentication-resultsi=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=forwardingproyectos.com; dmarc=pass action=none header.from=forwardingproyectos.com; dkim=pass header.d=forwardingproyectos.com; arc=none
                                                                      authentication-resultsspf=pass (sender IP is 40.107.22.133) smtp.mailfrom=forwardingproyectos.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=forwardingproyectos.com;compauth=pass reason=109
                                                                      received-spfPass (protection.outlook.com: domain of forwardingproyectos.com designates 40.107.22.133 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.22.133; helo=EUR05-AM6-obe.outbound.protection.outlook.com; pr=C
                                                                      authentication-results-originaldkim=none (message not signed) header.d=none;dmarc=none action=none header.from=forwardingproyectos.com;
                                                                      x-ms-traffictypediagnosticVI2P190MB2086:EE_|AS8P190MB1885:EE_|AMS0EPF00000195:EE_|PAVPR05MB9951:EE_|DU0PR05MB10244:EE_|AS2PR05MB10399:EE_|VI1PR05MB3277:EE_
                                                                      X-MS-Office365-Filtering-Correlation-Id5b1f1b19-0ead-49f2-cdc5-08dcdee03f2b
                                                                      x-ms-exchange-senderadcheck1
                                                                      x-ms-exchange-antispam-relay0
                                                                      x-microsoft-antispam-untrustedBCL:0;ARA:13230040|7416014|1800799024|366016|376014|38070700018;
                                                                      x-microsoft-antispam-message-info-originalLhAvW1FFbdfwjCAJjrRt5+4rGbziZLG5MUhG9UdgIi8Z9yxi+LJMq6iP/huoIv7Ievawu4A2sRfbhGSHVnf7CcVqdm4xqd2lyRLkFmFpqcIFfbHsvF/4GcQGURmlZB3XJU9UaMNjQCaCR0m6DeCxZiEtBB5qcdU3R6QhkDm7JYh4ozYhB552stdK+0Te94NORdl3/hQcwq3ndH/kvl+THp0I3IjcTxZY2f62JjBI08n/b/SB42Pmee+aigtkW9iSzT6px+M0f83amw7qZ4WHT8EUQ3Gqn9DoAipQr7cYBSApcwYDtysXdjZfGpQlgIgl3xvJhw/56EJ04NunC0SqY/yAygfSC2F6YsxcvHVquB/2qLbUfdwW96V6C6iZKLfL+NRVclJg64rGq6gJ2AJIPOPZzWtO+NbH1R+C7NQNxJcEhvrvZ5KjmlhE2smmSB8A9j5pU7Tfk9mr18/qgyaf4J9LHmt77MK9mABn/2RfIiGYlk47eR1/PuxksFcMgLWMVClePRJEbX2tMkRx/5mWwTM9Z31QtIX6uc8KvP6Zw5L7rdai5gIRpccG5LEKrIDzo+JsTygHcs1RIgQ/jkoGXoJKOgMlwzU/UQvMuTy5iGjXn42KHvtfUo3akkSReQe85IZsgVGNj8sLCgShwmm9ynMn9nnwAHjJugJ0y+33V2pineQYoSDhal8f8DFz+Elz5gHQtKWetiNppJrmRRmjp3YyHCbE/GQiTh2lyawL5HDM5/R7N0fPR5WkxWXTNmRV+6mdI+2FpQwm+0trnwaIBy47GBAlphKOJocoxDcx3rkXQiVJB5rqC4zPausaOjCk5SmgSIIaRYNnKq0yYhhY6VaWzbmS4+xugxUK6xPNRcJdaxG24CNXAdn4s8ZLk6pHPsJXniOK1o85xzg1bIXNYP/AXq90hK9cKnGCkbPG1hn+WVM/MH8FCP0v80
                                                                      x-forefront-antispam-report-untrustedCIP:255.255.255.255;CTRY:;LANG:es;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VI2P190MB2086.EURP190.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(7416014)(1800799024)(366016)(376014)(38070700018);DIR:OUT;SFP:1102;
                                                                      x-ms-exchange-antispam-messagedata-original-chunkcount1
                                                                      x-ms-exchange-antispam-messagedata-original-0wHROwsxHvoswB1L0sz4HZ1svajQoS4B/z14dWrL3mXOPXaeUa2jV5gS3E+YkGfu/wz1oSUZL5562zxYQc6K+afWbxilzaICcnd8EnuHepHly1kyGc3e/GrsaO08GK2XB8QgRRzo7VZAd26iP+gittrh/UdzeDu1YIUc7XhKHBTjDIDuiEIzyeeHtxBqkXezDEwT3I1exYlNSHehhNu8fayLJFpBHywoP/Irm9cESZ9M77sAzcx4oiEZcwqWTVkYoSUlKQSGEnwCdiOqqqVYs03Crg8URQjN07QPR3ASgT6WCQjL4ZTfj43jqVloNrKSSCHP4vGPZnnT2rZCWZyclW0J47GzEj+qlKAg/JYSBy/q4MrnFCObSUJt01wAdWDYz4tBFggxexgg95IN62lvXL7ol7i/KDskYSKmx2N3NmFfO/17o3v42NfHFVbXWUB/UHsO1Q39Rjtcuf6w+XhO0h1Q1T5h2EQTNccfrr26n3tXgWlAeXUgE8AeEUn56LwWonVzO5YWBGyNT+kjLzr2e5iYrdktuIjYKbu13Bx8MMyB6hwdj3THtizfDOZPCnQtuDGgkk71wVEKzxJ8j5My8ue8VfJBRajurV6ZlvIjjygKvHxG8ZbmO0JtubDL3f+NuXro82CZ75eiUdA9wTHd6B2C1Oy+f6lVubg9cpKIF9bmk40l7aCFEvHN/lqhVyoskarNQp7G6k9lDM4EM/2rAutjD7VYjJfwRgfyWeuwMB+ui6d2DQEwMd+gytvYdEtFhdC+vQ65ZngYQZ6a7vwlxLvPHwzC8MdaCn0xuJP5VektyYQLtDDdudcLFojH6zwtfU+4HT49MSV4qVNTe7j2v3yf+kW0hgNkOF4CjoNLoqEVGnrFpzr+UjwfZ9DNUA9oZjsqrz8bkOSFbj0VI/CPBYvJaOnt42VCTR7FbYdS7cooLHiOk5dS4wf9
                                                                      x-ms-exchange-transport-crosstenantheadersstampedPAVPR05MB9951
                                                                      x-eopattributedmessage0
                                                                      x-eoptenantattributedmessage35340923-ae24-4b72-950b-2bc4620641ae:0
                                                                      x-ms-exchange-transport-crosstenantheadersstrippedAMS0EPF00000195.eurprd05.prod.outlook.com
                                                                      x-ms-exchange-transport-crosstenantheaderspromotedAMS0EPF00000195.eurprd05.prod.outlook.com
                                                                      x-ms-publictraffictypeEmail
                                                                      x-ms-office365-filtering-correlation-id-prvs0a686556-63c0-4850-cf1a-08dcdee00438
                                                                      X-MS-Exchange-AtpMessagePropertiesSA|SL
                                                                      X-Microsoft-AntispamBCL:0;ARA:13230040|12012899012|35042699022;
                                                                      X-Forefront-Antispam-ReportCIP:255.255.255.255;CTRY:;LANG:es;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR05MB10244.eurprd05.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(12012899012)(35042699022);DIR:INB;
                                                                      x-ms-exchange-crosstenant-originalarrivaltime27 Sep 2024 10:34:52.4521 (UTC)
                                                                      x-ms-exchange-crosstenant-network-message-id80974017-b471-42bf-8f85-08dcdee0056a
                                                                      x-ms-exchange-crosstenant-id35340923-ae24-4b72-950b-2bc4620641ae
                                                                      x-ms-exchange-crosstenant-authsourceAMS0EPF00000195.eurprd05.prod.outlook.com
                                                                      x-ms-exchange-crosstenant-authasAnonymous
                                                                      x-ms-exchange-crosstenant-fromentityheaderInternet
                                                                      x-ms-exchange-transport-endtoendlatency00:00:03.4556772
                                                                      x-ms-exchange-processed-by-bccfoldering15.20.7982.022
                                                                      Resent-From<carcarrier.sdr@bergelogistics.com>
                                                                      X-MS-Exchange-Organization-MessageDirectionalityOriginating
                                                                      X-MS-Exchange-Organization-Network-Message-Id5b1f1b19-0ead-49f2-cdc5-08dcdee03f2b
                                                                      X-MS-Exchange-Parent-Message-Id<VI2P190MB20866DD241EDB0FFEE978FC3F16B2@VI2P190MB2086.EURP190.PROD.OUTLOOK.COM>
                                                                      Auto-Submittedauto-generated
                                                                      X-MS-Exchange-Generated-Message-SourceMailbox Rules Agent
                                                                      Return-Pathcarcarrier.sdr@bergelogistics.com
                                                                      X-MS-Exchange-Organization-ExpirationStartTime27 Sep 2024 10:36:29.8659 (UTC)
                                                                      X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                                                                      X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                                                                      X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                                                                      X-MS-Office365-Filtering-Correlation-Id-Prvs80974017-b471-42bf-8f85-08dcdee0056a
                                                                      X-MS-Exchange-CrossTenant-AuthAsAnonymous
                                                                      X-MS-Exchange-CrossTenant-AuthSourceAMS0EPF00000195.eurprd05.prod.outlook.com
                                                                      X-MS-Exchange-CrossTenant-OriginalArrivalTime27 Sep 2024 10:36:29.3514 (UTC)
                                                                      X-MS-Exchange-CrossTenant-FromEntityHeaderHosted
                                                                      X-MS-Exchange-CrossTenant-Id35340923-ae24-4b72-950b-2bc4620641ae
                                                                      X-MS-Exchange-CrossTenant-Network-Message-Id5b1f1b19-0ead-49f2-cdc5-08dcdee03f2b
                                                                      X-MS-Exchange-Transport-CrossTenantHeadersStampedAS2PR05MB10399
                                                                      X-MS-Exchange-Processed-By-BccFoldering15.20.7962.017
                                                                      X-Microsoft-Antispam-Mailbox-Deliveryucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                                                                      X-Microsoft-Antispam-Message-InfooSS3MOB2curjzls6ugpPeEM1iXQ/Rv4H7J6zn7Vd7fooBUpkpLgZGlJJGU+q90qS0dlgFazmbxr1y5tsnPJQFcbrnWa6bDgq7hpHhoPaRml2++Eph3hs27MHD+ZasukspbUakWcQKuq/c9h/1WiQgswPBGhT5QUi0aW4Xg7DBMxV0ioweK7qwGsUdvQxFcjYry7Nr5ynJzgfiWXeD/Pj9houdQzLS7D4l6q2LTaaDhbZWRuSKnVp8l0byrZSJvkacy94rSLatK/8XAf2CCAftZ8d8V5CptWL90C0iNnXY43vOz0mvOUc5GAbcG1UisMxu7BgTfHWXVeiubccO0WF8KBihlh0sO9q1ZNubjfE3IvDnOT6BXG7cM8Zmj6CA4DyYuLch9j2zEWWFLV+KZj36x0OhcwesdpaZVvJNY09vFlA4ogZv0rOT+RBRqtUeyakf++nx3JtsmM90aCxSDTCdXjgHLq420eB3AdR6s/CfGRWnpN8qas0n2Z/osMI2GyZ2Z4x155AQwGSLaPDK8xxdtpba3hLLLFKCBYEMfgPn0A4tNZAOFuUST/9qEKSajusncvNZnnnCC8rCCQNpFUfO3bB15qHIkJrFNityW/y4X+gSXJCt69IgePl9JdxHj9HWZuBEhO6xupyA20LEdJdBwhVgwLKeK/wtQSw8YtARFjG8YwKXy7Cf9YloRuCMoyn6ivYn0Bbtge0RbpKZNY6cdiHEosDk6BwSM/GFNlprznu/NV+aEF2Yl4lIQO8FIvMlAblAB90VIF4FiE15dFTj/POMHwUSnfv3l729hS8FeZQLrTDbKAaA3TOgDmcwzEIZkwFeXQ3Tr3Kr6V7r+RSd4UsJMUbsvvKM90p5/2cF3HQg4olQYK/KNNM+umv+ggPlSpnMSVexyG2Ui4j3vIOPu4qig7px94oX0rkYMeCp5U+wH5YNMkSGUwqhhNYK//yaqt
                                                                      X-PhishAlarm-FormatPhishAlarm O365 Add-In/4.4.190
                                                                      MIME-Version1.0
                                                                      dateFri, 27 Sep 2024 12:34:50 +0200

                                                                      File Icon

                                                                      Icon Hash:c4e1928eacb280a2

                                                                      Network Behavior

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Sep 28, 2024 09:49:09.119160891 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:09.119174004 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:09.119239092 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:09.119818926 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:09.119832039 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:09.908862114 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:09.909018993 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:09.915940046 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:09.915950060 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:09.916208982 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:09.918098927 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:09.918162107 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:09.918167114 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:09.918450117 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:09.959414005 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:10.088107109 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:10.088263035 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:10.088363886 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:10.088488102 CEST49738443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:10.088507891 CEST4434973840.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:12.408324003 CEST49674443192.168.2.523.1.237.91
                                                                      Sep 28, 2024 09:49:12.408339977 CEST49675443192.168.2.523.1.237.91
                                                                      Sep 28, 2024 09:49:13.142719030 CEST49673443192.168.2.523.1.237.91
                                                                      Sep 28, 2024 09:49:18.996568918 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:18.996611118 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:18.996676922 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:18.997441053 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:18.997457027 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:19.773859024 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:19.773951054 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:19.779470921 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:19.779480934 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:19.779728889 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:19.782995939 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:19.783085108 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:19.783092022 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:19.785576105 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:19.831389904 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:19.987762928 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:19.987847090 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:19.988080025 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:19.988472939 CEST49739443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:19.988490105 CEST4434973940.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:22.727754116 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:22.727793932 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:22.728039026 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:22.730384111 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:22.730396986 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:23.510143995 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:23.510415077 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:25.872689009 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:25.872735023 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:25.873100996 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.002059937 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.296818018 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.334623098 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:26.334676027 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:26.334757090 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:26.343410969 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.346342087 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:26.346365929 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553735018 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553755045 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553761959 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553786039 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553798914 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553809881 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553827047 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.553853035 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553874969 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.553905964 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553914070 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553936005 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.553946018 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.553960085 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.553987026 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.553997040 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.554574013 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.554635048 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.554743052 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.574856043 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.574875116 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:26.574892044 CEST49742443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:49:26.574898005 CEST4434974220.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:49:27.149739981 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.149833918 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.224915028 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.224960089 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.225869894 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.226685047 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.226718903 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.226756096 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.513653040 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.513709068 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.513772964 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.513833046 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.513860941 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.513880968 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.513907909 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.513959885 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.622838020 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.622869015 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:27.622883081 CEST49743443192.168.2.520.190.159.64
                                                                      Sep 28, 2024 09:49:27.622889996 CEST4434974320.190.159.64192.168.2.5
                                                                      Sep 28, 2024 09:49:36.705374002 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:36.705425978 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:36.705490112 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:36.706403971 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:36.706418991 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:37.644546032 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:37.644629955 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:37.671797037 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:37.671823978 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:37.672101021 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:37.677119970 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:37.677177906 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:37.677182913 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:37.677309990 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:37.723397017 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:37.851073980 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:37.851367950 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:49:37.851423025 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:37.851579905 CEST49745443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:49:37.851604939 CEST4434974540.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:01.164414883 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:01.164449930 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:01.164566994 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:01.165220022 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:01.165231943 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:01.994003057 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:01.994087934 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:01.999361992 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:01.999371052 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:01.999625921 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:02.002625942 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:02.002715111 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:02.002722979 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:02.003037930 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:02.047399998 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:02.180582047 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:02.181042910 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:02.181098938 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:02.182496071 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:02.182516098 CEST4434974740.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:02.182526112 CEST49747443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:03.476650953 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:03.476730108 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:03.476809978 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:03.477284908 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:03.477315903 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.297416925 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.297494888 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.299493074 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.299520969 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.299774885 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.308191061 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.355395079 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.639960051 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.639981985 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.639996052 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.640059948 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.640083075 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.640208960 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.641448021 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.641479015 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.641519070 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.641527891 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.641554117 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.641617060 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.642781019 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.644696951 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.644720078 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:04.644735098 CEST49748443192.168.2.520.114.59.183
                                                                      Sep 28, 2024 09:50:04.644751072 CEST4434974820.114.59.183192.168.2.5
                                                                      Sep 28, 2024 09:50:10.571727037 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:10.571744919 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:10.571813107 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:10.572278023 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:10.572288036 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.069134951 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.109834909 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.109853029 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.111491919 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.111552000 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.257232904 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.257380009 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.260940075 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.260951042 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.309227943 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.371619940 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.372723103 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.372809887 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.372818947 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.372859955 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.372865915 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.372941971 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.372982979 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.375744104 CEST49752443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:11.375762939 CEST4434975235.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:11.423738956 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.423779964 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:11.423856020 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.423944950 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.423952103 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:11.424010992 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.424103975 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.424169064 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:11.424227953 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.424356937 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.424371958 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:11.424530029 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.424544096 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:11.424691916 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:11.424722910 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.162961006 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.163270950 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.163305044 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.164305925 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.164361954 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.165688992 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.165751934 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.165913105 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.166598082 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.166845083 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.166853905 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.168359041 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.168451071 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.169272900 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.169357061 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.169445038 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.169450998 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.176373959 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.176623106 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.176645041 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.180236101 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.180310011 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.180753946 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.180928946 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.180943012 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.206976891 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.206988096 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.221179962 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.221183062 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.221198082 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.252003908 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.267440081 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.463488102 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.463522911 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.463531971 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.463557959 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.463568926 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.463602066 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.463608027 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.463620901 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.463649988 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.463676929 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.468602896 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.468662024 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.468669891 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.468700886 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.468713045 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.468816996 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.470447063 CEST49753443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.470462084 CEST4434975313.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.478451014 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.478872061 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.488903046 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.488914013 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.488944054 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.488959074 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.488966942 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489058971 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.489058971 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.489073992 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489085913 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489120007 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.489444017 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489469051 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489489079 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489522934 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.489528894 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489550114 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489550114 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.489579916 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.489586115 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.489612103 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.489631891 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.565846920 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.565921068 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.565954924 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.565980911 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.565998077 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.566040039 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.568998098 CEST49754443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.569015980 CEST4434975413.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.570080042 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.570173025 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.570194006 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.570276976 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.570297003 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.570322037 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.581448078 CEST49755443192.168.2.513.32.27.14
                                                                      Sep 28, 2024 09:50:12.581486940 CEST4434975513.32.27.14192.168.2.5
                                                                      Sep 28, 2024 09:50:12.608711958 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:12.608748913 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:12.608871937 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:12.610065937 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:12.610076904 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:13.100783110 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:13.101156950 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:13.101175070 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:13.101620913 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:13.102009058 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:13.102083921 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:13.102200031 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:13.145576954 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:13.145591974 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:13.251760960 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:13.251842976 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:13.251888037 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:13.252399921 CEST49756443192.168.2.535.71.142.77
                                                                      Sep 28, 2024 09:50:13.252414942 CEST4434975635.71.142.77192.168.2.5
                                                                      Sep 28, 2024 09:50:16.066816092 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:16.066859961 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:16.066934109 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:16.074421883 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:16.074445963 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:16.746525049 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:16.747030020 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:16.747045994 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:16.748569012 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:16.748627901 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:17.198057890 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:17.198309898 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:17.271935940 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:17.271945000 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:17.381309032 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:24.641504049 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:24.641547918 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:24.641819954 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:24.642565966 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:24.642580986 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:25.445709944 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:25.445847988 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:25.458118916 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:25.458141088 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:25.458889008 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:25.465483904 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:25.465605021 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:25.465610981 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:25.466236115 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:25.511447906 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:25.637965918 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:25.638139009 CEST4434976040.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:25.638271093 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:25.638566971 CEST49760443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:26.639072895 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:26.639147043 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:26.639312029 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:27.612341881 CEST49759443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:50:27.612364054 CEST44349759216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:50:40.849514008 CEST4971280192.168.2.5192.229.221.95
                                                                      Sep 28, 2024 09:50:40.849766970 CEST4971180192.168.2.52.19.126.163
                                                                      Sep 28, 2024 09:50:40.854871988 CEST8049712192.229.221.95192.168.2.5
                                                                      Sep 28, 2024 09:50:40.854932070 CEST4971280192.168.2.5192.229.221.95
                                                                      Sep 28, 2024 09:50:40.855206966 CEST80497112.19.126.163192.168.2.5
                                                                      Sep 28, 2024 09:50:40.855274916 CEST4971180192.168.2.52.19.126.163
                                                                      Sep 28, 2024 09:50:45.898408890 CEST4971880192.168.2.5192.229.221.95
                                                                      Sep 28, 2024 09:50:45.903845072 CEST8049718192.229.221.95192.168.2.5
                                                                      Sep 28, 2024 09:50:45.903913021 CEST4971880192.168.2.5192.229.221.95
                                                                      Sep 28, 2024 09:50:50.499448061 CEST49731443192.168.2.5184.28.90.27
                                                                      Sep 28, 2024 09:50:50.504668951 CEST44349731184.28.90.27192.168.2.5
                                                                      Sep 28, 2024 09:50:50.504745007 CEST49731443192.168.2.5184.28.90.27
                                                                      Sep 28, 2024 09:50:51.474992037 CEST49735443192.168.2.5184.28.90.27
                                                                      Sep 28, 2024 09:50:51.480290890 CEST44349735184.28.90.27192.168.2.5
                                                                      Sep 28, 2024 09:50:51.480370045 CEST49735443192.168.2.5184.28.90.27
                                                                      Sep 28, 2024 09:50:51.707328081 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:51.707390070 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:51.707453012 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:51.708204031 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:51.708219051 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.487188101 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.487276077 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:52.489574909 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:52.489590883 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.489866018 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.495682001 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:52.495932102 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:52.495938063 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.496165991 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:52.543400049 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.671097994 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.671186924 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.671401024 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:52.671806097 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:52.671835899 CEST4434976140.115.3.253192.168.2.5
                                                                      Sep 28, 2024 09:50:52.671852112 CEST49761443192.168.2.540.115.3.253
                                                                      Sep 28, 2024 09:50:56.534527063 CEST4434971523.1.237.91192.168.2.5
                                                                      Sep 28, 2024 09:50:56.534612894 CEST4434971523.1.237.91192.168.2.5
                                                                      Sep 28, 2024 09:50:56.534650087 CEST49715443192.168.2.523.1.237.91
                                                                      Sep 28, 2024 09:50:56.534691095 CEST49715443192.168.2.523.1.237.91
                                                                      Sep 28, 2024 09:51:14.739070892 CEST49765443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:51:14.739136934 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:14.739214897 CEST49765443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:51:14.739511967 CEST49765443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:51:14.739531040 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:15.543296099 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:15.543625116 CEST49765443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:51:15.543675900 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:15.544174910 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:15.544600964 CEST49765443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:51:15.544677019 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:15.724014044 CEST49765443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:51:19.761051893 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:19.761116982 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:19.761187077 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:19.762273073 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:19.762291908 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:20.562580109 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:20.562683105 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:20.569931030 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:20.569961071 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:20.570322990 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:20.702586889 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:20.702852964 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:20.702874899 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:20.703509092 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:20.747447014 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:20.877487898 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:20.877607107 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:20.877684116 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:20.878556013 CEST49767443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:20.878578901 CEST4434976740.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:25.302870989 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:25.302946091 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:25.303169012 CEST49765443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:51:25.657726049 CEST49765443192.168.2.5216.58.206.68
                                                                      Sep 28, 2024 09:51:25.657769918 CEST44349765216.58.206.68192.168.2.5
                                                                      Sep 28, 2024 09:51:56.374389887 CEST8049716192.229.221.95192.168.2.5
                                                                      Sep 28, 2024 09:51:56.374514103 CEST4971680192.168.2.5192.229.221.95
                                                                      Sep 28, 2024 09:51:56.764236927 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:56.764313936 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:56.764395952 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:56.765018940 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:56.765048027 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:57.853189945 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:57.853266954 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:57.858522892 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:57.858550072 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:57.858943939 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:57.911569118 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:57.939512014 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:57.939836979 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:57.939851046 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:57.940478086 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:57.987406015 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:58.118895054 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:58.119147062 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:51:58.119204998 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:58.119513988 CEST49769443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:51:58.119537115 CEST4434976940.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:00.564476967 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:00.564579964 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:00.564656973 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:00.565310955 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:00.565346956 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:01.342781067 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:01.342907906 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:01.347137928 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:01.347146034 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:01.347388029 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:01.351424932 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:01.351793051 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:01.351798058 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:01.352097034 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:01.399432898 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:01.525702953 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:01.525852919 CEST4434977040.113.110.67192.168.2.5
                                                                      Sep 28, 2024 09:53:01.525904894 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:01.526129961 CEST49770443192.168.2.540.113.110.67
                                                                      Sep 28, 2024 09:53:01.526139975 CEST4434977040.113.110.67192.168.2.5

                                                                      UDP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Sep 28, 2024 09:50:10.520354986 CEST5683453192.168.2.51.1.1.1
                                                                      Sep 28, 2024 09:50:10.520499945 CEST5619953192.168.2.51.1.1.1
                                                                      Sep 28, 2024 09:50:10.549216986 CEST53654641.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:10.550728083 CEST53527781.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:10.561106920 CEST53568341.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:10.578823090 CEST53561991.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:11.404078960 CEST6397653192.168.2.51.1.1.1
                                                                      Sep 28, 2024 09:50:11.404642105 CEST5730653192.168.2.51.1.1.1
                                                                      Sep 28, 2024 09:50:11.423082113 CEST53639761.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:11.423235893 CEST53573061.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:11.600048065 CEST53494331.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:16.018421888 CEST5384053192.168.2.51.1.1.1
                                                                      Sep 28, 2024 09:50:16.018641949 CEST5744153192.168.2.51.1.1.1
                                                                      Sep 28, 2024 09:50:16.025378942 CEST53538401.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:16.025499105 CEST53574411.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:29.765549898 CEST53526691.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:50:48.651709080 CEST53602491.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:51:10.128097057 CEST53499061.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:51:11.392435074 CEST53610911.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:51:41.405256033 CEST53564121.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:52:29.691179991 CEST53631211.1.1.1192.168.2.5
                                                                      Sep 28, 2024 09:52:39.702742100 CEST138138192.168.2.5192.168.2.255

                                                                      ICMP Packets

                                                                      TimestampSource IPDest IPChecksumCodeType
                                                                      Sep 28, 2024 09:50:10.578999996 CEST192.168.2.51.1.1.1c24d(Port unreachable)Destination Unreachable

                                                                      DNS Queries

                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                      Sep 28, 2024 09:50:10.520354986 CEST192.168.2.51.1.1.10xf989Standard query (0)long-experience-225576.framer.appA (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:10.520499945 CEST192.168.2.51.1.1.10xd460Standard query (0)long-experience-225576.framer.app65IN (0x0001)false
                                                                      Sep 28, 2024 09:50:11.404078960 CEST192.168.2.51.1.1.10xd63Standard query (0)www.framer.comA (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:11.404642105 CEST192.168.2.51.1.1.10x1e63Standard query (0)www.framer.com65IN (0x0001)false
                                                                      Sep 28, 2024 09:50:16.018421888 CEST192.168.2.51.1.1.10xe69aStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:16.018641949 CEST192.168.2.51.1.1.10x3b9Standard query (0)www.google.com65IN (0x0001)false

                                                                      DNS Answers

                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                      Sep 28, 2024 09:50:10.561106920 CEST1.1.1.1192.168.2.50xf989No error (0)long-experience-225576.framer.app35.71.142.77A (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:10.561106920 CEST1.1.1.1192.168.2.50xf989No error (0)long-experience-225576.framer.app52.223.52.2A (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:11.423082113 CEST1.1.1.1192.168.2.50xd63No error (0)www.framer.com13.32.27.14A (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:11.423082113 CEST1.1.1.1192.168.2.50xd63No error (0)www.framer.com13.32.27.87A (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:11.423082113 CEST1.1.1.1192.168.2.50xd63No error (0)www.framer.com13.32.27.90A (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:11.423082113 CEST1.1.1.1192.168.2.50xd63No error (0)www.framer.com13.32.27.66A (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:16.025378942 CEST1.1.1.1192.168.2.50xe69aNo error (0)www.google.com216.58.206.68A (IP address)IN (0x0001)false
                                                                      Sep 28, 2024 09:50:16.025499105 CEST1.1.1.1192.168.2.50x3b9No error (0)www.google.com65IN (0x0001)false

                                                                      HTTP Request Dependency Graph

                                                                      • slscr.update.microsoft.com
                                                                      • login.live.com
                                                                      • long-experience-225576.framer.app
                                                                      • https:
                                                                        • www.framer.com

                                                                      HTTPS Proxied Packets

                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      0192.168.2.54973840.115.3.253443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:49:09 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 74 37 33 5a 31 78 6c 5a 45 57 30 46 4a 38 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 34 61 65 35 39 63 39 38 35 31 30 65 63 32 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: st73Z1xlZEW0FJ8x.1Context: d34ae59c98510ec2
                                                                      2024-09-28 07:49:09 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:49:09 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 73 74 37 33 5a 31 78 6c 5a 45 57 30 46 4a 38 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 34 61 65 35 39 63 39 38 35 31 30 65 63 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: st73Z1xlZEW0FJ8x.2Context: d34ae59c98510ec2<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:49:09 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 73 74 37 33 5a 31 78 6c 5a 45 57 30 46 4a 38 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 34 61 65 35 39 63 39 38 35 31 30 65 63 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: st73Z1xlZEW0FJ8x.3Context: d34ae59c98510ec2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:49:10 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:49:10 UTC58INData Raw: 4d 53 2d 43 56 3a 20 52 56 69 66 53 70 2b 4c 2b 30 71 57 33 48 4c 2b 56 42 72 4d 75 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: RVifSp+L+0qW3HL+VBrMug.0Payload parsing failed.


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      1192.168.2.54973940.115.3.253443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:49:19 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 39 41 46 66 49 2b 67 42 69 30 6d 6d 76 37 55 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 35 31 36 66 34 39 61 65 62 66 61 30 32 66 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: 9AFfI+gBi0mmv7UR.1Context: 25516f49aebfa02f
                                                                      2024-09-28 07:49:19 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:49:19 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 39 41 46 66 49 2b 67 42 69 30 6d 6d 76 37 55 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 35 31 36 66 34 39 61 65 62 66 61 30 32 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 9AFfI+gBi0mmv7UR.2Context: 25516f49aebfa02f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:49:19 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 39 41 46 66 49 2b 67 42 69 30 6d 6d 76 37 55 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 35 31 36 66 34 39 61 65 62 66 61 30 32 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: 9AFfI+gBi0mmv7UR.3Context: 25516f49aebfa02f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:49:19 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:49:19 UTC58INData Raw: 4d 53 2d 43 56 3a 20 36 30 44 36 6f 37 47 51 35 45 6d 30 78 6c 72 6b 42 37 58 52 72 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: 60D6o7GQ5Em0xlrkB7XRrQ.0Payload parsing failed.


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      2192.168.2.54974220.114.59.183443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:49:26 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=mwwHDWk27LHF6VG&MD=1UxVM9wz HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Accept: */*
                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                      Host: slscr.update.microsoft.com
                                                                      2024-09-28 07:49:26 UTC560INHTTP/1.1 200 OK
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Content-Type: application/octet-stream
                                                                      Expires: -1
                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                      MS-CorrelationId: d4f3cec0-4970-4200-aca7-ab19bc1bfc9a
                                                                      MS-RequestId: 9f68e8e5-35b6-42b4-aa91-97467c1f8502
                                                                      MS-CV: C6D9qukESkmRWcpD.0
                                                                      X-Microsoft-SLSClientCache: 2880
                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                      X-Content-Type-Options: nosniff
                                                                      Date: Sat, 28 Sep 2024 07:49:25 GMT
                                                                      Connection: close
                                                                      Content-Length: 24490
                                                                      2024-09-28 07:49:26 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                      Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                      2024-09-28 07:49:26 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                      Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      3192.168.2.54974320.190.159.64443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:49:27 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/soap+xml
                                                                      Accept: */*
                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                      Content-Length: 4762
                                                                      Host: login.live.com
                                                                      2024-09-28 07:49:27 UTC4762OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                      2024-09-28 07:49:27 UTC569INHTTP/1.1 200 OK
                                                                      Cache-Control: no-store, no-cache
                                                                      Pragma: no-cache
                                                                      Content-Type: application/soap+xml; charset=utf-8
                                                                      Expires: Sat, 28 Sep 2024 07:48:27 GMT
                                                                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                      x-ms-route-info: C545_SN1
                                                                      x-ms-request-id: 902e3626-a0d0-4975-817a-4d38184ff2c4
                                                                      PPServer: PPV: 30 H: SN1PEPF0002F9B3 V: 0
                                                                      X-Content-Type-Options: nosniff
                                                                      Strict-Transport-Security: max-age=31536000
                                                                      X-XSS-Protection: 1; mode=block
                                                                      Date: Sat, 28 Sep 2024 07:49:26 GMT
                                                                      Connection: close
                                                                      Content-Length: 10197
                                                                      2024-09-28 07:49:27 UTC10197INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      4192.168.2.54974540.115.3.253443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:49:37 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 6a 71 4f 32 7a 54 79 50 30 32 78 36 71 46 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 30 66 66 64 39 35 38 35 30 38 35 35 63 35 64 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: 7jqO2zTyP02x6qFG.1Context: f0ffd95850855c5d
                                                                      2024-09-28 07:49:37 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:49:37 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 37 6a 71 4f 32 7a 54 79 50 30 32 78 36 71 46 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 30 66 66 64 39 35 38 35 30 38 35 35 63 35 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 7jqO2zTyP02x6qFG.2Context: f0ffd95850855c5d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:49:37 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 37 6a 71 4f 32 7a 54 79 50 30 32 78 36 71 46 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 30 66 66 64 39 35 38 35 30 38 35 35 63 35 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: 7jqO2zTyP02x6qFG.3Context: f0ffd95850855c5d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:49:37 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:49:37 UTC58INData Raw: 4d 53 2d 43 56 3a 20 2f 31 58 74 76 54 4a 4c 6e 55 36 73 31 6b 51 74 4a 6e 57 41 33 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: /1XtvTJLnU6s1kQtJnWA3g.0Payload parsing failed.


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      5192.168.2.54974740.115.3.253443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:01 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 45 34 62 69 49 67 34 38 47 45 6d 6c 68 58 70 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 32 31 33 66 63 64 66 63 65 34 34 37 33 34 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: E4biIg48GEmlhXpU.1Context: fe213fcdfce44734
                                                                      2024-09-28 07:50:01 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:50:01 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 45 34 62 69 49 67 34 38 47 45 6d 6c 68 58 70 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 32 31 33 66 63 64 66 63 65 34 34 37 33 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: E4biIg48GEmlhXpU.2Context: fe213fcdfce44734<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:50:01 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 45 34 62 69 49 67 34 38 47 45 6d 6c 68 58 70 55 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 32 31 33 66 63 64 66 63 65 34 34 37 33 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: E4biIg48GEmlhXpU.3Context: fe213fcdfce44734<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:50:02 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:50:02 UTC58INData Raw: 4d 53 2d 43 56 3a 20 32 36 37 61 57 49 36 33 2b 45 4b 65 7a 69 66 78 4f 53 38 37 52 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: 267aWI63+EKezifxOS87RQ.0Payload parsing failed.


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      6192.168.2.54974820.114.59.183443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:04 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=mwwHDWk27LHF6VG&MD=1UxVM9wz HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Accept: */*
                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                      Host: slscr.update.microsoft.com
                                                                      2024-09-28 07:50:04 UTC560INHTTP/1.1 200 OK
                                                                      Cache-Control: no-cache
                                                                      Pragma: no-cache
                                                                      Content-Type: application/octet-stream
                                                                      Expires: -1
                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                      MS-CorrelationId: 0271b847-c607-4af6-8b21-3ee842ce0910
                                                                      MS-RequestId: 4f569c2e-8827-406b-8c1d-aaa347b210a6
                                                                      MS-CV: STAvvhl8x0qJBVbs.0
                                                                      X-Microsoft-SLSClientCache: 1440
                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                      X-Content-Type-Options: nosniff
                                                                      Date: Sat, 28 Sep 2024 07:50:03 GMT
                                                                      Connection: close
                                                                      Content-Length: 30005
                                                                      2024-09-28 07:50:04 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                      Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                      2024-09-28 07:50:04 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                      Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      7192.168.2.54975235.71.142.774437868C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:11 UTC676OUTGET / HTTP/1.1
                                                                      Host: long-experience-225576.framer.app
                                                                      Connection: keep-alive
                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                      sec-ch-ua-mobile: ?0
                                                                      sec-ch-ua-platform: "Windows"
                                                                      Upgrade-Insecure-Requests: 1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Sec-Fetch-Site: none
                                                                      Sec-Fetch-Mode: navigate
                                                                      Sec-Fetch-User: ?1
                                                                      Sec-Fetch-Dest: document
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      2024-09-28 07:50:11 UTC302INHTTP/1.1 404 Not Found
                                                                      Alt-Svc: h3=":443"; ma=2592000
                                                                      Cache-Control: public, max-age=0, must-revalidate
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Date: Sat, 28 Sep 2024 07:50:10 GMT
                                                                      Server: Framer/875dde8
                                                                      Strict-Transport-Security: max-age=31536000
                                                                      Connection: close
                                                                      Transfer-Encoding: chunked
                                                                      2024-09-28 07:50:11 UTC884INData Raw: 31 30 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 63 6f 76 65 72 22 3e 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 20 7c 20 46 72 61 6d 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 72 61 6d 65 72
                                                                      Data Ascii: 10ac<!DOCTYPE html><html lang="en"><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, viewport-fit=cover"><title>Page Not Found | Framer</title><link rel="preload" href="https://www.framer
                                                                      2024-09-28 07:50:11 UTC2372INData Raw: 20 20 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 74 69 74 6c 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 20 64 61 72 6b 29 20 7b 0a 20 20 20 20 20 20 20 20 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 3a 20 23 31 62 31 62 31 62 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 63 6f 6c 6f 72 2d 73 65 63 6f 6e 64 61 72 79 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 63 6f 6c 6f 72 2d 74 65 72 74 69 61 72 79 3a 20 23 63 63 63 63 63 63 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 70 61 64 64
                                                                      Data Ascii: --font-size-title: 24px; } @media (prefers-color-scheme: dark) { :root { --color-primary: #1b1b1b; --color-secondary: #ffffff; --color-tertiary: #cccccc; } } html, body { padd
                                                                      2024-09-28 07:50:11 UTC538INData Raw: 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 73 63 72 69 70 74 69 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 74 65 72 74 69 61 72 79 29 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 62 74 6e 2d 2d 73 69 67 6e 2d 75 70 20 7b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 74 69 6e 74 29 3b 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20
                                                                      Data Ascii: ; } .description { color: var(--color-tertiary); margin-bottom: 30px; line-height: 1.5em; text-align: center; } .btn--sign-up { background-color: var(--color-tint); color: #ffffff;
                                                                      2024-09-28 07:50:11 UTC487INData Raw: 20 31 31 20 4c 20 32 34 20 32 30 20 4c 20 31 35 20 32 30 20 4c 20 31 35 20 32 39 20 4c 20 36 20 32 30 20 5a 22 20 66 69 6c 6c 3d 22 63 75 72 72 65 6e 74 43 6f 6c 6f 72 22 3e 3c 2f 70 61 74 68 3e 0a 20 20 20 20 20 20 20 20 3c 2f 73 76 67 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0a 20 20 20 20 20 20 20 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 0a 20 20 20 20 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 0a 20 20 20 20 20 20 20 20 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 62 72 2f 3e 0a 20 20 20 20 20 20 20 20 53 69 67 6e 20 75 70 20 66 6f 72
                                                                      Data Ascii: 11 L 24 20 L 15 20 L 15 29 L 6 20 Z" fill="currentColor"></path> </svg> </div> <h1 class="title"> Page Not Found </h1> <div class="description"> The page you are looking for does not exist.<br/> Sign up for


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      8192.168.2.54975413.32.27.144437868C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:12 UTC627OUTGET /fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff2 HTTP/1.1
                                                                      Host: www.framer.com
                                                                      Connection: keep-alive
                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                      Origin: https://long-experience-225576.framer.app
                                                                      sec-ch-ua-mobile: ?0
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                      sec-ch-ua-platform: "Windows"
                                                                      Accept: */*
                                                                      Sec-Fetch-Site: cross-site
                                                                      Sec-Fetch-Mode: cors
                                                                      Sec-Fetch-Dest: font
                                                                      Referer: https://long-experience-225576.framer.app/
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      2024-09-28 07:50:12 UTC972INHTTP/1.1 200 OK
                                                                      Content-Type: font/woff2
                                                                      Content-Length: 20024
                                                                      Connection: close
                                                                      Accept-Ranges: bytes
                                                                      Access-Control-Allow-Origin: *
                                                                      Content-Disposition: inline; filename="GT-Walsheim-Regular-subset.woff2"
                                                                      ETag: "c6c9cc5cf5101629a4138bb1b7edc046"
                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                      Server: Vercel
                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                      X-Content-Type-Options: nosniff
                                                                      X-Frame-Options: deny
                                                                      X-Matched-Path: /fonts/GT-Walsheim/GT-Walsheim-Regular-subset.woff2
                                                                      X-Vercel-Cache: HIT
                                                                      X-Vercel-Id: fra1::nkp59-1727509752216-59bf5776f870
                                                                      X-Xss-Protection: 1; mode=block
                                                                      Cache-Control: public, max-age=0, must-revalidate
                                                                      Date: Sat, 28 Sep 2024 07:50:12 GMT
                                                                      Vary: Accept-Encoding
                                                                      X-Cache: RefreshHit from cloudfront
                                                                      Via: 1.1 a7631312afe99e40229aa0da70662112.cloudfront.net (CloudFront)
                                                                      X-Amz-Cf-Pop: FRA56-C2
                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                      X-Amz-Cf-Id: TilqGLaRMFBVPYLeNrE0qCWfKVAHXCCWvct3LoVcG803pb267_KOTw==
                                                                      2024-09-28 07:50:12 UTC16384INData Raw: 77 4f 46 32 00 01 00 00 00 00 4e 38 00 0e 00 00 00 00 d9 68 00 00 4d dd 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 6a 1b ce 7a 1c 86 78 06 60 00 82 44 11 08 0a 82 a7 2c 81 e9 40 0b 86 44 00 01 36 02 24 03 8c 7a 04 20 05 87 5b 07 93 2b 1b 41 b6 17 d0 db 76 50 d1 9b 55 08 fe ff b6 f4 eb 4b f0 e6 0d 0a 74 07 a9 f1 53 a9 b6 b3 10 d8 38 00 48 e8 87 9a fd ff 7f 42 d2 43 36 5e 03 fd 7a 15 a8 99 9b 6a 16 59 a8 48 06 2e 10 ee 36 6b 89 10 85 ec 2b 78 17 72 cf c7 b4 eb 96 13 01 bf c5 92 76 3e 7f 54 72 51 6c bc e7 68 41 8e f9 b1 75 06 db 6e c4 f7 73 3a ad 10 c3 a4 ca 71 ea 4f 94 12 a2 64 c1 d2 93 f9 7e 22 84 5b af af 45 66 62 dd cd 44 20 a2 53 04 a2 ae 9e bb 56 ef 2d db 5e b5 a9 16 7e 11 c7 4e 8d b1 c4 af 91 4a f3 7e 43 ba 20 28 a8 2d
                                                                      Data Ascii: wOF2N8hMjzx`D,@D6$z [+AvPUKtS8HBC6^zjYH.6k+xrv>TrQlhAuns:qOd~"[EfbD SV-^~NJ~C (-
                                                                      2024-09-28 07:50:12 UTC3640INData Raw: 52 96 05 2b 96 6c 69 de fb e4 9a 09 df c3 2d 2c 84 13 19 09 58 9c bd 09 60 21 e5 20 0a 66 82 b7 00 14 4d 34 c7 18 b0 ab 3d 32 64 de 76 0a 2b 4b 34 fd ad ec b0 19 63 6c 81 1c d1 74 3f 67 53 cc db 4d 8d e0 d1 d4 45 96 a1 19 2b 57 ef 2a af 96 6b 11 0e fd 22 54 e6 1d 61 7f 21 cf a7 44 29 a5 25 10 b4 32 63 e7 72 be 37 cd 20 a8 20 30 9d 5b 09 8a a6 2c c9 5a ae 61 ca 15 e9 17 8a 5d ab 39 5c b3 58 5f d4 c4 41 f1 ce 16 73 fe c7 2a 26 8f c1 15 4a 98 8e bf 79 bc e0 98 af 7f 6c f2 cc 72 f3 08 0f e1 44 47 00 9a e9 12 2a 3d 37 83 27 68 62 59 b2 62 20 47 3d 38 01 17 3d f9 6e ee a1 21 3e be 11 e1 00 fa 03 d7 93 27 90 b0 6c 5d d0 25 66 a1 21 8f ac ec 50 46 91 f3 47 3a ec 1d c8 30 df e4 8c 84 65 0f 41 cb b2 27 05 2d a8 3f 71 72 e1 9f c0 4e 40 35 93 41 60 ce 87 ef 0e 0b 4b
                                                                      Data Ascii: R+li-,X`! fM4=2dv+K4clt?gSME+W*k"Ta!D)%2cr7 0[,Za]9\X_As*&JylrDG*=7'hbYb G=8=n!>'l]%f!PFG:0eA'-?qrN@5A`K


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      9192.168.2.54975313.32.27.144437868C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:12 UTC626OUTGET /fonts/GT-Walsheim/GT-Walsheim-Medium-subset.woff2 HTTP/1.1
                                                                      Host: www.framer.com
                                                                      Connection: keep-alive
                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                      Origin: https://long-experience-225576.framer.app
                                                                      sec-ch-ua-mobile: ?0
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                      sec-ch-ua-platform: "Windows"
                                                                      Accept: */*
                                                                      Sec-Fetch-Site: cross-site
                                                                      Sec-Fetch-Mode: cors
                                                                      Sec-Fetch-Dest: font
                                                                      Referer: https://long-experience-225576.framer.app/
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      2024-09-28 07:50:12 UTC970INHTTP/1.1 200 OK
                                                                      Content-Type: font/woff2
                                                                      Content-Length: 19032
                                                                      Connection: close
                                                                      Accept-Ranges: bytes
                                                                      Access-Control-Allow-Origin: *
                                                                      Content-Disposition: inline; filename="GT-Walsheim-Medium-subset.woff2"
                                                                      ETag: "27efe7989fc51b3dcae329681d061245"
                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                      Server: Vercel
                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                      X-Content-Type-Options: nosniff
                                                                      X-Frame-Options: deny
                                                                      X-Matched-Path: /fonts/GT-Walsheim/GT-Walsheim-Medium-subset.woff2
                                                                      X-Vercel-Cache: HIT
                                                                      X-Vercel-Id: fra1::hx7lz-1727509752295-ff7625dca48f
                                                                      X-Xss-Protection: 1; mode=block
                                                                      Cache-Control: public, max-age=0, must-revalidate
                                                                      Date: Sat, 28 Sep 2024 07:50:12 GMT
                                                                      Vary: Accept-Encoding
                                                                      X-Cache: RefreshHit from cloudfront
                                                                      Via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
                                                                      X-Amz-Cf-Pop: FRA56-C2
                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                      X-Amz-Cf-Id: rk3Q0mkgjogM__-Fzi66hJ7qnIAIAPO0uHkhKhyI3Q8AOGOBImDPoA==
                                                                      2024-09-28 07:50:12 UTC15414INData Raw: 77 4f 46 32 00 01 00 00 00 00 4a 58 00 0e 00 00 00 00 d6 c4 00 00 49 fe 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 6a 1b cb 02 1c 86 78 06 60 00 82 44 11 08 0a 82 a5 48 81 e5 40 0b 86 44 00 01 36 02 24 03 8c 7a 04 20 05 88 14 07 93 2b 1b 82 b2 17 f0 e6 a1 56 ba 13 c4 a6 62 ad ee 52 0b 94 db 1e b8 5b a5 fc 04 45 f5 99 c1 60 e3 60 0c f8 7e 2f d9 ff ff a7 24 1b 47 58 c7 5f 85 3c 33 1b a0 99 87 49 08 95 89 37 69 6e 94 d6 c5 95 0f c8 81 d2 da 44 63 1a c8 37 1b 1a 84 3d 97 e4 8e 20 d5 f6 ee 41 ed 94 99 4d 7b 0b 9b 9f b6 cf 58 30 f5 91 9d fa 3b 51 54 fb d6 5b 8e 8c b0 b3 38 09 0f a1 11 51 d9 94 a5 ba 2c 78 6b dc a7 fc 4e 17 22 12 7c f8 ae d0 ae 48 56 f9 03 16 2d b9 60 17 bd 03 98 d0 81 09 6b b1 c8 2a f1 41 c7 3a f5 5d 34 75 bb 44
                                                                      Data Ascii: wOF2JXIjx`DH@D6$z +VbR[E``~/$GX_<3I7inDc7= AM{X0;QT[8Q,xkN"|HV-`k*A:]4uD
                                                                      2024-09-28 07:50:12 UTC3618INData Raw: 1d 3f 3f 63 06 cb bd bf 12 0c 66 6f ea 64 59 7a 3b dc 4b cd b0 ba 59 64 db 1e 85 3a 62 ba f0 f7 a6 1f 9a 39 35 0e cd f5 6e f3 4b 63 4d 73 f0 96 34 6f 1c 7f fe e2 d3 1f 5c d3 d2 d3 99 15 3d 4c fd de 13 cb ba 98 8b a5 30 74 ad 8d 9d 3f ce d9 25 98 00 e4 4d fd f9 f2 80 dc c1 c0 27 1b a8 92 c6 86 02 80 0d 58 a4 21 5f 8f 90 da 97 bc 6c 4c 5e 0b 9f d4 63 14 46 e9 a9 c1 6b fa 11 c6 c4 39 9c 43 be 7e 43 13 1d 46 67 4b 98 e5 e8 04 58 47 13 a4 0f 0b ea 90 6f 34 fd 8e 01 8d dc ca 68 24 d8 03 e6 e9 54 96 b6 bf 53 21 b2 28 e1 76 8d c1 02 43 18 75 f8 27 09 7c a7 b5 d5 13 96 93 1f 4d 58 4d fc 7a 3d a1 f7 c0 04 90 c4 3f 76 4d cb 48 67 56 74 d7 6c 0f a7 b3 00 e3 1e 08 c4 61 57 5c d3 b7 f5 ab ec 61 ea 49 74 9c 9b 1d 47 39 a2 88 4d 2f cd 1f 02 c4 1a d0 35 e1 9e 60 11 79 3b
                                                                      Data Ascii: ??cfodYz;KYd:b95nKcMs4o\=L0t?%M'X!_lL^cFk9C~CFgKXGo4h$TS!(vCu'|MXMz=?vMHgVtlaW\aItG9M/5`y;


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      10192.168.2.54975513.32.27.144437868C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:12 UTC624OUTGET /fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff2 HTTP/1.1
                                                                      Host: www.framer.com
                                                                      Connection: keep-alive
                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                      Origin: https://long-experience-225576.framer.app
                                                                      sec-ch-ua-mobile: ?0
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                      sec-ch-ua-platform: "Windows"
                                                                      Accept: */*
                                                                      Sec-Fetch-Site: cross-site
                                                                      Sec-Fetch-Mode: cors
                                                                      Sec-Fetch-Dest: font
                                                                      Referer: https://long-experience-225576.framer.app/
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      2024-09-28 07:50:12 UTC966INHTTP/1.1 200 OK
                                                                      Content-Type: font/woff2
                                                                      Content-Length: 20248
                                                                      Connection: close
                                                                      Accept-Ranges: bytes
                                                                      Access-Control-Allow-Origin: *
                                                                      Content-Disposition: inline; filename="GT-Walsheim-Bold-subset.woff2"
                                                                      ETag: "7c250b154223d810ea33e61a54ea44e9"
                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                      Server: Vercel
                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                      X-Content-Type-Options: nosniff
                                                                      X-Frame-Options: deny
                                                                      X-Matched-Path: /fonts/GT-Walsheim/GT-Walsheim-Bold-subset.woff2
                                                                      X-Vercel-Cache: HIT
                                                                      X-Vercel-Id: fra1::x25kf-1727509752300-c473f97df977
                                                                      X-Xss-Protection: 1; mode=block
                                                                      Cache-Control: public, max-age=0, must-revalidate
                                                                      Date: Sat, 28 Sep 2024 07:50:12 GMT
                                                                      Vary: Accept-Encoding
                                                                      X-Cache: RefreshHit from cloudfront
                                                                      Via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
                                                                      X-Amz-Cf-Pop: FRA56-C2
                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                      X-Amz-Cf-Id: r_Dg6fjQEFCbSqMMfM-BC0tcXUKOi5mS5fkiE9fFJN6uu2_CijN_jQ==
                                                                      2024-09-28 07:50:12 UTC16384INData Raw: 77 4f 46 32 00 01 00 00 00 00 4f 18 00 0e 00 00 00 00 db 5c 00 00 4e bd 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 6a 1b d0 72 1c 86 78 06 60 00 82 44 11 08 0a 82 a9 08 81 e4 12 0b 86 44 00 01 36 02 24 03 8c 7a 04 20 05 87 7c 07 93 2b 1b ac b4 17 d8 74 90 cf f5 74 27 48 6d 59 bf e6 ae 3a 99 6e 93 17 e8 0e 52 f4 15 e7 fc 59 19 63 1c 80 6d e8 37 67 ff ff 9f 91 74 8c e1 98 ff 00 55 35 ab 20 e3 26 22 4c 5a 87 33 85 b3 1a fe ab 46 a3 0f 32 67 8f 30 32 11 ab 99 8d cc 69 6b cd 2c 95 74 1d 34 b4 7b af db 2e e7 79 99 2e 9c c0 83 fe 22 93 b8 3b 73 77 d3 bf 5a 91 89 9e 42 cb a0 be ec 39 37 9e c4 c1 65 6e 9e 2a fe 1a f3 5f 1c bb 2b 6a ac f1 62 8d f6 51 17 1d dc b9 33 21 78 db f3 31 1b 6d 45 53 75 64 ff 5a b7 2b 33 c9 0a 2a d1 a6 f2 39
                                                                      Data Ascii: wOF2O\Njrx`DD6$z |+tt'HmY:nRYcm7gtU5 &"LZ3F2g02ik,t4{.y.";swZB97en*_+jbQ3!x1mESudZ+3*9
                                                                      2024-09-28 07:50:12 UTC3864INData Raw: 7b eb a0 40 2d 34 fb 60 77 b5 94 96 b4 7a f8 59 af 55 32 6b b9 b8 22 9c bd 91 09 3f 89 cb e7 d3 5a 48 c2 fd 0c 8b b7 45 aa 27 a5 a5 d6 7e 1a 07 ee 82 94 bf 43 1d fe b6 b2 0b 32 95 7d a3 c7 46 27 2d 9d 3e ee aa 82 fa 3e ac 3b 4a 84 70 71 5b f7 af 6d 61 29 3d cd 5b 8f 87 fa 12 7c 14 61 af d7 cd 30 18 7b 11 8c b0 a6 ce 55 dd bf c6 1a 55 6f be 1a e7 d2 51 0a b0 97 97 41 78 09 57 a6 56 bf bb 79 24 2e 4f 7e 52 a4 be dd fb 4d 1a 2c 2f d3 87 f9 a8 92 ca e9 a2 f4 af e7 c6 22 1d cf 95 ac da dd 60 95 70 ba a5 42 ea be 6b 8c 28 0b 6e ca bf 9a b5 46 93 8b 6a 4c cc 72 8e f7 2a 36 62 da 84 bc ca c6 81 ad 19 6b 9a 74 fa c8 eb 4e 6c 3f 78 08 f3 16 39 b7 2c bf b3 6f bc 51 6f 35 69 ce 98 a8 31 20 8c bd e9 84 8f a0 7a 79 c6 44 03 15 99 88 a4 49 a0 28 ed e4 26 00 d8 ca 52 30
                                                                      Data Ascii: {@-4`wzYU2k"?ZHE'~C2}F'->>;Jpq[ma)=[|a0{UUoQAxWVy$.O~RM,/"`pBk(nFjLr*6bktNl?x9,oQo5i1 zyDI(&R0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      11192.168.2.54975635.71.142.774437868C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:13 UTC622OUTGET /favicon.ico HTTP/1.1
                                                                      Host: long-experience-225576.framer.app
                                                                      Connection: keep-alive
                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                      sec-ch-ua-mobile: ?0
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                      sec-ch-ua-platform: "Windows"
                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                      Sec-Fetch-Site: same-origin
                                                                      Sec-Fetch-Mode: no-cors
                                                                      Sec-Fetch-Dest: image
                                                                      Referer: https://long-experience-225576.framer.app/
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      2024-09-28 07:50:13 UTC202INHTTP/1.1 404 Not Found
                                                                      Alt-Svc: h3=":443"; ma=2592000
                                                                      Connection: close
                                                                      Server: Framer/875dde8
                                                                      Strict-Transport-Security: max-age=31536000
                                                                      Date: Sat, 28 Sep 2024 07:50:13 GMT
                                                                      Content-Length: 0


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      12192.168.2.54976040.115.3.253443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:25 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 56 70 38 77 33 6f 43 31 4e 55 69 7a 75 67 48 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 63 35 31 32 34 30 36 39 34 36 62 35 37 34 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: Vp8w3oC1NUizugHT.1Context: c7c512406946b574
                                                                      2024-09-28 07:50:25 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:50:25 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 56 70 38 77 33 6f 43 31 4e 55 69 7a 75 67 48 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 63 35 31 32 34 30 36 39 34 36 62 35 37 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Vp8w3oC1NUizugHT.2Context: c7c512406946b574<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:50:25 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 56 70 38 77 33 6f 43 31 4e 55 69 7a 75 67 48 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 63 35 31 32 34 30 36 39 34 36 62 35 37 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: Vp8w3oC1NUizugHT.3Context: c7c512406946b574<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:50:25 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:50:25 UTC58INData Raw: 4d 53 2d 43 56 3a 20 47 63 76 73 2f 66 68 57 31 55 57 44 51 32 72 33 56 4a 68 4b 76 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: Gcvs/fhW1UWDQ2r3VJhKvg.0Payload parsing failed.


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      13192.168.2.54976140.115.3.253443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:50:52 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 52 4c 73 48 77 5a 68 32 37 30 43 44 45 31 44 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 31 64 66 63 61 39 64 39 61 66 31 63 66 64 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: RLsHwZh270CDE1DR.1Context: 191dfca9d9af1cfd
                                                                      2024-09-28 07:50:52 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:50:52 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 52 4c 73 48 77 5a 68 32 37 30 43 44 45 31 44 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 31 64 66 63 61 39 64 39 61 66 31 63 66 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: RLsHwZh270CDE1DR.2Context: 191dfca9d9af1cfd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:50:52 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 52 4c 73 48 77 5a 68 32 37 30 43 44 45 31 44 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 31 64 66 63 61 39 64 39 61 66 31 63 66 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: RLsHwZh270CDE1DR.3Context: 191dfca9d9af1cfd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:50:52 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:50:52 UTC58INData Raw: 4d 53 2d 43 56 3a 20 44 77 41 37 76 54 5a 52 64 45 43 51 37 2f 79 36 63 43 49 42 54 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: DwA7vTZRdECQ7/y6cCIBTQ.0Payload parsing failed.


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      14192.168.2.54976740.113.110.67443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:51:20 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 51 72 79 44 5a 7a 32 38 46 30 79 63 33 6b 63 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 32 63 65 37 36 30 62 31 62 62 30 61 33 37 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: QryDZz28F0yc3kc2.1Context: de2ce760b1bb0a37
                                                                      2024-09-28 07:51:20 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:51:20 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 51 72 79 44 5a 7a 32 38 46 30 79 63 33 6b 63 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 32 63 65 37 36 30 62 31 62 62 30 61 33 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: QryDZz28F0yc3kc2.2Context: de2ce760b1bb0a37<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:51:20 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 51 72 79 44 5a 7a 32 38 46 30 79 63 33 6b 63 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 32 63 65 37 36 30 62 31 62 62 30 61 33 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: QryDZz28F0yc3kc2.3Context: de2ce760b1bb0a37<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:51:20 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:51:20 UTC58INData Raw: 4d 53 2d 43 56 3a 20 67 6a 2b 49 79 43 6f 72 32 30 32 4b 30 6c 34 47 34 76 36 58 2f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: gj+IyCor202K0l4G4v6X/w.0Payload parsing failed.


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      15192.168.2.54976940.113.110.67443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:51:57 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 64 78 66 77 4e 53 6a 47 73 45 57 76 74 45 47 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 63 65 62 32 36 30 31 39 33 65 36 62 33 39 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: dxfwNSjGsEWvtEGS.1Context: 3bceb260193e6b39
                                                                      2024-09-28 07:51:57 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:51:57 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 64 78 66 77 4e 53 6a 47 73 45 57 76 74 45 47 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 63 65 62 32 36 30 31 39 33 65 36 62 33 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: dxfwNSjGsEWvtEGS.2Context: 3bceb260193e6b39<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:51:57 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 64 78 66 77 4e 53 6a 47 73 45 57 76 74 45 47 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 63 65 62 32 36 30 31 39 33 65 36 62 33 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: dxfwNSjGsEWvtEGS.3Context: 3bceb260193e6b39<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:51:58 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:51:58 UTC58INData Raw: 4d 53 2d 43 56 3a 20 42 71 53 45 52 6c 39 64 43 45 2b 75 49 51 71 65 7a 78 6f 46 30 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: BqSERl9dCE+uIQqezxoF0A.0Payload parsing failed.


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      16192.168.2.54977040.113.110.67443
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-09-28 07:53:01 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 33 4c 77 43 6a 31 67 72 6b 6d 65 36 7a 50 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 62 36 35 33 61 30 35 64 37 35 65 32 64 62 0d 0a 0d 0a
                                                                      Data Ascii: CNT 1 CON 305MS-CV: U3LwCj1grkme6zPV.1Context: 66b653a05d75e2db
                                                                      2024-09-28 07:53:01 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                      2024-09-28 07:53:01 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 55 33 4c 77 43 6a 31 67 72 6b 6d 65 36 7a 50 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 62 36 35 33 61 30 35 64 37 35 65 32 64 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 31 56 5a 46 6d 73 6d 61 50 2b 79 69 37 6c 61 56 6d 30 79 77 6a 42 42 47 42 63 74 62 78 51 39 2b 7a 6a 4a 36 6c 57 78 6e 46 75 35 71 73 35 53 4b 73 69 63 6f 58 4e 6a 38 7a 44 69 4d 64 2b 56 6d 34 67 38 4c 74 4a 45 51 4e 71 42 46 51 4c 71 6e 79 33 4c 62 4d 70 41 7a 2f 55 53 45 46 74 78 73 43 4f 6a 42 2b 65 73 54 7a 36 50 66
                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: U3LwCj1grkme6zPV.2Context: 66b653a05d75e2db<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf1VZFmsmaP+yi7laVm0ywjBBGBctbxQ9+zjJ6lWxnFu5qs5SKsicoXNj8zDiMd+Vm4g8LtJEQNqBFQLqny3LbMpAz/USEFtxsCOjB+esTz6Pf
                                                                      2024-09-28 07:53:01 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 33 4c 77 43 6a 31 67 72 6b 6d 65 36 7a 50 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 62 36 35 33 61 30 35 64 37 35 65 32 64 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: U3LwCj1grkme6zPV.3Context: 66b653a05d75e2db<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                      2024-09-28 07:53:01 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                      Data Ascii: 202 1 CON 58
                                                                      2024-09-28 07:53:01 UTC58INData Raw: 4d 53 2d 43 56 3a 20 78 34 65 4a 4e 4b 74 67 72 55 43 6b 76 76 4b 4f 7a 49 42 46 55 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                      Data Ascii: MS-CV: x4eJNKtgrUCkvvKOzIBFUA.0Payload parsing failed.


                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:03:49:11
                                                                      Start date:28/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Potential Phish.msg"
                                                                      Imagebase:0xf70000
                                                                      File size:34'446'744 bytes
                                                                      MD5 hash:91A5292942864110ED734005B7E005C0
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      General

                                                                      Target ID:3
                                                                      Start time:03:49:21
                                                                      Start date:28/09/2024
                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7E47DA79-F67B-43D1-9121-2D5D2E67A194" "8E3ED8AE-3152-46CE-B1B9-A687C01853FA" "7412" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                      Imagebase:0x7ff63ba80000
                                                                      File size:710'048 bytes
                                                                      MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      General

                                                                      Target ID:6
                                                                      Start time:03:50:08
                                                                      Start date:28/09/2024
                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://long-experience-225576.framer.app/
                                                                      Imagebase:0x7ff715980000
                                                                      File size:3'242'272 bytes
                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      General

                                                                      Target ID:7
                                                                      Start time:03:50:08
                                                                      Start date:28/09/2024
                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1932,i,11207979111998239953,10789510869604569881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                      Imagebase:0x7ff715980000
                                                                      File size:3'242'272 bytes
                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Disassembly

                                                                      No disassembly